> The issue wheather JAAS is gonna get integrated into J2EE or not has been on
> discussion on this or the j2ee-list. Also I've read somewhere that it is
> gonna be integrated.
It's part of JSR-58 for the J2EE 1.3.
arkin
>
> <vendor>
> WebLogic 5.0 is gonna support the latest J2EE-specs. I have downloaded the
> beta but haven't got the time to evaluate yet. If you just want to play
> around I strongly recommend the Orion-Server (www.orionserver.com). Nice!
>
> In WebLogic (at least 4.5) there are some undocumented (or at least I can't
> find the javadocs, but I might be an incompetent documentation-reader)
> feature for doing exactly what you want. It's called something like
> weblogic.security.ServletAuthenticator or something. I think there might be
> an example somewhere as well. Browse around with a decompiler and I'll think
> you will learn things.
>
> I've gotten what you're talking about to work on WebLogic 4.5. Of course
> this is WebLogic-specific.
> </vendor>
>
> > -----Original Message-----
> > From: A mailing list for Enterprise JavaBeans development
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Laird Nelson
> > Sent: Monday, February 14, 2000 3:08 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: How to get a container to know what Principal iscalling it?
> >
> >
> > Rickard �berg wrote:
> > > No no no, you never ever use JNDI to authenticate EJB callers. It won't
> > > work.
> >
> > Good; I was beginning to think it was just me. :-)
> >
> > > What *is* a good way to do this is to use a thread-based scheme such as
> > > JAAS. For now security authentication is proprietary, and is indeed the
> > > by far biggest hole in the whole J2EE area, but once JAAS becomes used
> > > this should clear up (I hope, fingers crossed).
> >
> > I'm going to entreat others on this list again. If I have a piece of
> > HTML that looks like this:
> >
> > <form name="loginForm" method="get"
> > action="http://my.server.com/servlets/LoginServlet">
> > <input type="text" name="username">
> > <input type="password" name="password">
> > </form>
> >
> > ...then how should my LoginServlet indicate either to its container or
> > to the EJB container or, preferably, both, that the value of "username"
> > is the name of the current user? I fail to see how this is possible at
> > the moment. FWIW, I'll be using WebLogic.
> >
> > This seems like an absurdly simple issue to have been completely missed
> > in the EJB specification, but after three weeks of not hearing any
> > answers on this, I'm beginning to believe, jaw agape, that perhaps
> > someone really never actually attempted this scenario.
> >
> > Cheers,
> > Laird
> >
> > ==================================================================
> > =========
> > To unsubscribe, send email to [EMAIL PROTECTED] and include
> > in the body
> > of the message "signoff EJB-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
> >
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
