Installation guide
CHAPTER 7 New Features in EAServer Versions 4.1.3, 4.1.2, 4.1.1, and 4.1
Maintaining authenticated sessions
EAServer 4.1 adds methods that allow a client to maintain an authenticated
session across multiple transport sessions. In versions earlier than EAServer
4.1, if a client created a second component instance on the same server, or
created a component instance on another server in the same cluster, the client
was reauthenticated. A server can now authenticate and verify a client’s
credentials once, and, on subsequent authentication requests, the client
provides a reference to the initial authentication.
To use the single authentication mechanism, you must use a custom
authentication component that implements the CtsSecurity::AuthService
interface.
CtsSecurity::SessionInfo::setName is a method that can be called only when
your custom authentication component is running. When this method is called
from the custom authentication component, the server sets the reference to the
authenticated security credentials. When the client needs to be authenticated
again, the custom authentication component returns the original principal name
by calling CtsSecurity::AuthService::getCallerPrincipal(string alternate_name).
For more information, see Chapter 10, “Creating and Using Custom Security
Components,” in the Security Administration and Programming Guide.
EJB 2.0 component behavior in EAServer 4.0 versus 4.1
The effect of the com.sybase.jaguar.server.ejb.role.default property on EJB 2.0
components in EAServer 4.0 differs from its effect in EAServer 4.1:
• The com.sybase.jaguar.server.ejb.role.default property is a server-wide
property. To assign roles to all methods of an EJB 2.0 component in
EAServer 4.0, you can assign individual roles to all methods of the
component, or set the com.sybase.jaguar.server.ejb.role.default property
to everybody.
• In EAServer 4.1, com.sybase.jaguar.server.ejb.role.default has been
removed. If you assign a role to any one method of an EJB 2.0 component,
you must assign roles to all methods of the component. Otherwise, the
server displays an error message when it tries to execute a method that
does not have a role assigned to it.
If none of the methods of an EJB 2.0 component have roles assigned to
them, authorization checks are not enforced and authorization is not
performed. No error message is sent to the server log.
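The following added example (not part of the original guide or of EAServer) audits role coverage per component so that the silent "no roles at all" case is caught before deployment. It assumes roles are declared in standard EJB 2.0 method-permission elements of ejb-jar.xml and that the caller supplies each bean's method names; audit_roles, EJB_JAR_XML and BEAN_METHODS are hypothetical names, and method-intf and method-params are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: assembly-descriptor part of an EJB 2.0 ejb-jar.xml.
EJB_JAR_XML = """
<ejb-jar><assembly-descriptor>
  <method-permission>
    <role-name>hr</role-name>
    <method><ejb-name>Payroll</ejb-name><method-name>getSalary</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>auditor</role-name>
    <method><ejb-name>Audit</ejb-name><method-name>*</method-name></method>
  </method-permission>
</assembly-descriptor></ejb-jar>
"""

# Constructed sample: method names per bean, as read from the bean interfaces.
BEAN_METHODS = {
    "Payroll": {"getSalary", "setSalary"},
    "Audit": {"listEvents", "purge"},
    "Catalog": {"search"},
}

def audit_roles(descriptor_xml, bean_methods):
    """Return {bean: (status, methods_without_roles)}; status is full/partial/none."""
    root = ET.fromstring(descriptor_xml)
    covered = {bean: set() for bean in bean_methods}
    for perm in root.iter("method-permission"):
        if perm.find("role-name") is None:
            continue  # no role named, so nothing is assigned by this entry
        for method in perm.findall("method"):
            bean = method.findtext("ejb-name", "").strip()
            name = method.findtext("method-name", "").strip()
            if bean in covered:
                # "*" is the EJB 2.0 wildcard for every method of the bean.
                covered[bean] |= bean_methods[bean] if name == "*" else {name}
    report = {}
    for bean, methods in bean_methods.items():
        missing = sorted(methods - covered[bean])
        if not missing:
            status = "full"
        elif len(missing) == len(methods):
            status = "none"     # EAServer 4.1: checks not enforced, nothing logged
        else:
            status = "partial"  # EAServer 4.1: error when these methods execute
        report[bean] = (status, missing)
    return report

if __name__ == "__main__":
    print(audit_roles(EJB_JAR_XML, BEAN_METHODS))
```

A "none" result is the one to review by hand, because the server gives no log entry for it.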