Assaf Arkin wrote:
> Laird Nelson wrote:
> > But the specification says
> > nothing about how to tie a caller to a role, yes?
> That's up to the implementation.

OK; good; that's what I thought.  So the implementation should have a
way to indicate that if user-with-Principal-X logs in, whatever that
means (more on that in a moment), he should be notionally shoved in Role
Y.  Then calls to isCallerInRole(Y) will work.  Got it.

So let's back up one level and ask: at what point is the EJB container
told that the client that is dispatching zillions of method invocation
requests is identified by Principal X?  Or, to ask it another way, who
(what process, what layer, what tier, what program, what object) sets
the Principal that is returned when an EntityBean, say, asks its
EJBContext for the caller Principal, by invoking the
getCallerPrincipal() method?  Since it is part of the EJB specification,
I have to assume that the earliest point that this information can be
supplied is during the JNDI getInitialContext() lookup call.  But that
also sounds like it would be horribly dangerous, so I have to assume
that no one has actually implemented it that way, because people are
generally smarter than I am.  :-)

Clues?  Pointers?

Cheers,
Laird
