Laird Nelson wrote:
>
> "Subrahmanyam A.V.B." wrote:
> >
> > What about the InitialContext you're creating in the servlet (or any
> > other client) for lookup. In WebLogic, you should be setting
> > Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS while
> > creating the InitialContext? Does it not explain the magic?
>
> Partially. Does this mean that I should be getting a new
> InitialContext() *every time* my servlet is invoked (since it could be
> invoked by all sorts of people), rather than stashing the first
> InitialContext away as a member variable? Isn't this slow and
> unadvisable? Then again, perhaps this is the only way to do it?
InitialContext doesn't have that much of an overhead. It's pretty much a
factory into the naming context, which for ENC shouldn't be doing much
to begin with.
It might, however, attempt to authenticate each time, which is not
smart.
That's why the Servlet do the authentication for you. Apparently that is
not clear in the specs, but will be addressed in a future revision.
arkin
>
> Cheers,
> Laird
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
