If security is meant to be achieved solely by the container, and mehtods like
getCallerPrincipl() are not designed forsecurity enforcement, what good are
they? Does the container read the secuirty info and by itself decide who gets
to call amethod? What is the normal way to establish a list of principals and
roles? I've only used a couple of EJB containers, including the RI, and I
don'tsee any tools for that there. Thanks.
Ken
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
