> -----Original Message----- > From: David Jencks [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 25, 2004 12:15 AM > To: [EMAIL PROTECTED] > Subject: Re: [openejb-dev] Problem with lifecycle methods sneaking around > the interceptor stack (lots of tests are failing) > > Upon further thought and nudging... > > the ejb 2.1 spec section 21.5 seems to imply that all calls within a > transaction must be with the same principal. > > I therefore think that skipping the policycontext interceptor, runas > interceptor, and security interceptor are all fine. > > Given that all ejbStore calls will be under the same principal as a > preceding business method, one half of the > ConnectionTrackingInterceptor's job is unnecessary. I can split this > into 2 interceptors, one before the EntityInstanceInterceptor, and one > after. This will fix the immediate test failures. > > I am still very unclear about whether the EJBIdentityInterceptor can be > skipped. My impression is that it is needed to make sure that (in the > presence of a security policy) the ejb bean code is executing with the > correct permissions (for such things as permission to open a socket). > However I could easily be completely wrong about this. I think this is > plain non-jacc jaas security.
You are correct. EJBIdentityInterceptor is a non-jacc jaas security that has nothing to do with the EJB spec, per se. Regards, Alan
