I've been reading posts related to this one. I seem to have missed the solution.
Mostly my concern is with getCallerPrincipal(). Does the Principal returned by
this method automatically equal the Principal created by the Servlet? Somehow I have
to figure out how to set the CallerPrincipal. Did I miss a post?

Alex

On Tue, 22 Feb 2000 16:06:16 -0500, Laird Nelson <[EMAIL PROTECTED]> wrote:
>Assaf Arkin wrote:
>> > Four: if, for any of the above reasons, I end up with a proprietary form-based
>> > authentication, not declarative, how do I set the user principal by myself? This
>> > is necessary, because I still want to know the roles this principal is
>> > associated with; I still want to pass this principal to the EJB calls, etc.
>>
>> The specs do not define a way to do that, yet.
>>
>> > Five: if I still want to use the declarative form-based authentication, but also
>> > want the users to be able to enroll themselves (choose a user ID and password),
>> > how can I insert a new user in the user database and map him to some roles?
>>
>> The specs definitely do not define that. You need to use some
>> proprietary mechanism to add/remove users which is compatible with what
>> you use to authenticate them.
>>
>> (I know. It sucks big time. You are not the first to say "well, how do I
>> update this thing?")
>
>Glad to hear I'm not the only one. :-) This is exactly the same
>problem that I've been boring the list with for weeks now.
>
>Is it just my imagination or...well, I don't want to slam on the people
>responsible for the specification--I understand it's a hard thing to get
>right--but in my mind, when you write a specification for *reading* a
>particular object/string/etc. then you are obligated at the same time to
>write the specification for *writing* that same object/string/etc. So
>if the specification mandates a getCallerPrincipal() call, then you as a
>spec. writer must at least *address* the issue of the implied
>setCallerPrincipal() call, even if it's to say, "We considered X
>approach and Y approach and realized that these won't work. Containers
>must provide a well-documented way for setting the caller principal."
>This specification (and the related Servlet specification) seem to be
>missing this symmetry all over the place.
>
>Cheers,
>Laird
>
> ==========================================================================
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff EJB-INTEREST". For general help, send email to
>[EMAIL PROTECTED] and include in the body of the message "help".
>