This section describes new or changed functionality with Enterprise Security and EAServer.
When using Enterprise Security with EAServer, you must create roles and add users to the roles using Security Manager. You must then map each role to an EAServer role.
EAServer provides a mechanism by which applications can extend and maintain an authenticated session beyond the lifetime enforced by EAServer. This mechanism uses the methods CtsSecurity::SessionInfo::setName and CtsSecurity::AuthService::getCallerPrincipal.
If these methods are implemented, then you must authorize users by implementing either a role service or an authorization service. The internal role checking performed by EAServer does not work unless you add an alternate user name to the authorized user’s list for the role. Because the alternate user name that is set using the setName API can be dynamic, the role service or authorization service should work in tandem with the authentication service to authorize the user.
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
