At javaone I discussed corba CSS configuration with Dain and Alan and
IIUC we think the current situation where CSS configurations are
associated only with ejb-refs is inadequate. Here is the problem:
client 1 on host A gets an ejb remote object from host B. The client
security config is specified on the ejb ref in client 1 and refers to
the security info available on that host.
client 1 gets a handle for that ejb object and gives it to app 2 on
host C
app 2 tries to use the handle to talk to the ejb on host B. The
available security infomation on C is completely different from that
available on A. What CSS configuration should be used to reconnect the
handle? Since app 2 does not have an ejb-ref for the handle, we don't
have a CSS configured.
We think that we need a CSS configuration for the entire object that is
using the handle. This could be the entire server/client, or the
application, the module, or (for ejbs) the individual ejb. IIUC we
haven't figured out which one of these is most useful.
thanks
david jencks
