> "Subrahmanyam A.V.B." wrote:
> >
> > What about the InitialContext you're creating in the servlet (or any
> > other client) for lookup. In WebLogic, you should be setting
> > Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS while
> > creating the InitialContext? Does it not explain the magic?
>
> Partially. Does this mean that I should be getting a new
> InitialContext() *every time* my servlet is invoked (since it could be
> invoked by all sorts of people), rather than stashing the first
> InitialContext away as a member variable? Isn't this slow and
> unadvisable? Then again, perhaps this is the only way to do it?
Do yourself a favor and ignore the possibility of using JNDI security to
do EJB security. It won't work. See archives (about a year ago I think)
for extensive discussion on this.
You should indeed try to save the InitialContext.
/Rickard
--
Rickard �berg
@home: +46 13 177937
Email: [EMAIL PROTECTED]
http://www.dreambean.com
Question reality
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
