> What about the InitialContext you're creating in the servlet (or any
> other client) for lookup. In WebLogic, you should be setting
> Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS while
> creating the InitialContext? Does it not explain the magic?
JNDI security should be used for JNDI methods only, i.e.
lookup/bind/etc.
JNDI security should not be used for identification and authentication
of EJB callers.
This was discussed extensively about a year ago. See archives. The basic
problem is that JNDI security cannot be used to identify the caller of
an EJB, only who is allowed to access homes and such.
/Rickard
--
Rickard �berg
@home: +46 13 177937
Email: [EMAIL PROTECTED]
http://www.dreambean.com
Question reality
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
