You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@tuscany.apache.org by Sun Yang <sy...@gmail.com> on 2008/03/30 17:08:22 UTC

Tuscany client side authentication best practice?

Hi,
I want to know whether Tuscany provide any best practices for client side
(c/s architecture) authentication. Could any one help?

In the EJB world, we could use a stateful session bean to achieve client
side authentication and keep the user authenticated in the same session.
Otherwise, we cannot cache the authentication result in the server side and
have to transfer the credential information in every call.

I am not sure whether there is some kind of best practise to achieve the
same goal as stateful session bean provides? Could I use a ejb client to
connect to the SCA domain with a service backed by a stateful session bean?

Thanks for your help.

Best Regards,
Yang Sun

Re: Tuscany client side authentication best practice?

Posted by Raymond Feng <en...@gmail.com>.

Hi,

If I understand your question correctly, you're looking for a way to keep 
some state data (authenticated subject) for SCA components. Please correct 
me if otherwise.

The Java implementation type supports all of the scopes defined in the Java 
Common Annotations and API Specification: STATELESS, REQUEST, CONVERSATION, 
and COMPOSITE. Implementations specify their scope through the use of the 
@Scope annotation. For stateless components, you need to pass state data 
back and forth like the HTTP cookies. If the scope is COMPOSITE, there will 
be one instance for the whole composite. REQUEST for the same request and 
CONVERSATION for the same conversation. You can use these component 
instances to keep some state data in the given scope.

BTW, SCA uses intents and policySets to support declarative security. You 
can find more details at [1]. Are you interested in this perspective too?

Thanks,
Raymond

[1] 
http://www.osoa.org/download/attachments/35/SCA_Policy_Framework_V100.pdf?version=1.

--------------------------------------------------
From: "Sun Yang" <sy...@gmail.com>
Sent: Sunday, March 30, 2008 8:08 AM
To: <tu...@ws.apache.org>
Cc: <xg...@msn.com>
Subject: Tuscany client side authentication best practice?

> Hi,
> I want to know whether Tuscany provide any best practices for client side
> (c/s architecture) authentication. Could any one help?
>
> In the EJB world, we could use a stateful session bean to achieve client
> side authentication and keep the user authenticated in the same session.
> Otherwise, we cannot cache the authentication result in the server side 
> and
> have to transfer the credential information in every call.
>
> I am not sure whether there is some kind of best practise to achieve the
> same goal as stateful session bean provides? Could I use a ejb client to
> connect to the SCA domain with a service backed by a stateful session 
> bean?
>
> Thanks for your help.
>
> Best Regards,
> Yang Sun
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-user-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-user-help@ws.apache.org