Hey
Jian Lin wrote:
> Client authentication to the EJB server is done when the JNDI InitialContext is
> created to lookup
> the EJB objects. User ID and credential are specified as context properties as
> shown below:
This has been discussed extensively on this list before, and the above
method is definitely not it.
Why? Because the one who looks up an object may not be the user of the
object. If client A does a look up of object X and hands it over to
client B you certainly do not want B to be able to use it as client A.
Hence the authentication cannot be done as outlined above. Some sort of
thread-associated client authentication is necessary.
The bottom line is that this is not defined yet. JAAS will most probably
be the solution though.
/Rickard
--
Rickard Öberg
@home: +46 13 177937
Email: [EMAIL PROTECTED]
Homepage: http://www-und.ida.liu.se/~ricob684
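
The hand-over problem described in the message above, as an added example that is not part of the original post: a reference whose identity is fixed at lookup time is compared with one that checks the identity associated with the calling thread. All names (`CallerIdentityDemo`, `Account`, `runAs`) are hypothetical, and a plain `ThreadLocal` stands in for the thread-associated mechanism, which the message says was not yet defined.

```java
import java.util.concurrent.Callable;

public class CallerIdentityDemo {
    // Hypothetical stand-in for a remote bean reference.
    interface Account { String actingUser(); }

    // Model 1: the identity is captured when the reference is looked up.
    static Account lookupBound(String authenticatedUser) {
        return () -> authenticatedUser; // whoever holds the reference acts as this user
    }

    // Model 2: the identity travels with the calling thread (assumed mechanism).
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();

    static <T> T runAs(String user, Callable<T> action) throws Exception {
        String previous = CALLER.get();
        CALLER.set(user);
        try {
            return action.call();
        } finally {
            // Restore the previous identity so it cannot leak to later work on this thread.
            if (previous == null) CALLER.remove(); else CALLER.set(previous);
        }
    }

    static Account lookupThreadChecked() {
        return () -> {
            String user = CALLER.get(); // evaluated at call time, not at lookup time
            if (user == null) throw new SecurityException("no authenticated caller on this thread");
            return user;
        };
    }

    public static void main(String[] args) throws Exception {
        // Client A looks up the object, then hands the reference to client B.
        Account bound = runAs("A", () -> lookupBound(CALLER.get()));
        System.out.println("lookup-bound, used by B: acts as " + runAs("B", bound::actingUser));

        Account checked = runAs("A", CallerIdentityDemo::lookupThreadChecked);
        System.out.println("thread-associated, used by B: acts as " + runAs("B", checked::actingUser));

        try {
            checked.actingUser(); // no identity on this thread
        } catch (SecurityException e) {
            System.out.println("unauthenticated thread: " + e.getMessage());
        }
    }
}
```

The first line of output shows B acting as A through the handed-over reference; the second shows the thread-associated check resolving to B.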