Rickard �berg wrote:
> No no no, you never ever use JNDI to authenticate EJB callers. It won't
> work.
Good; I was beginning to think it was just me. :-)
> What *is* a good way to do this is to use a thread-based scheme such as
> JAAS. For now security authentication is proprietary, and is indeed the
> by far biggest hole in the whole J2EE area, but once JAAS becomes used
> this should clear up (I hope, fingers crossed).
I'm going to entreat others on this list again. If I have a piece of
HTML that looks like this:
<form name="loginForm" method="get"
action="http://my.server.com/servlets/LoginServlet">
<input type="text" name="username">
<input type="password" name="password">
</form>
...then how should my LoginServlet indicate either to its container or
to the EJB container or, preferably, both, that the value of "username"
is the name of the current user? I fail to see how this is possible at
the moment. FWIW, I'll be using WebLogic.
This seems like an absurdly simple issue to have been completely missed
in the EJB specification, but after three weeks of not hearing any
answers on this, I'm beginning to believe, jaw agape, that perhaps
someone really never actually attempted this scenario.
Cheers,
Laird
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
