We have a system that is typically architected http --> servlet --> session bean --> entity bean --> database We have our own user sign-on system that sets an HttpSession property when the user successfully authenticates. Other servlets check for this and if it doesn't exist, redirect back to the log on servlet. We are now looking to secure all layers of the system. I would like to set the deployment options on the session and entity beans so that they can only be called by objects running as a certain mode. This I know how to do in the deployment XML. However, I would like all the servlets to run as a mode and then set the session beans to only allow there methods to be called when the caller is running as that mode. How do I specify that a servlet is running as a particular mode ? That is, how do I configure the servlet deployment so that all invocations on session beans are seen by the EJB container as being in that mode. Although we are using WLS, I presume there is a standard model and then BEA implement it as they want. TIA Graham ------------------------------------------------------------------------ Graham Parsons Reflective Solutions Limited, London, UK Tel: 07976 150940 E-mail: [EMAIL PROTECTED] http://www.reflective.co.uk ------------------------------------------------------------------------ =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
