1. Container enforces bean level security. getCallerPrincipal() can be used
for application level security. For example, if you want to log the changes
made by any user, you can use this.
2. If container does not enforce security, then getCallerPrincipal() will
throw an exception (Not implemented).
3. You need to supply the credentials to do the lookup if security is
enforced.

- Madasamy

> -----Original Message-----
> From: Kenneth D. Litwak [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 23, 2000 10:14 AM
> To: [EMAIL PROTECTED]
> Subject: Security
>
>
>    If security is meant to be achieved solely by the
> container, and methods like
> getCallerPrincipal() are not designed for security enforcement,
> what good are
> they?  Does the container read the security info and by
> itself decide who gets
> to call a method? What is the normal way to establish a list
> of principals and
> roles?  I've only used a couple of EJB containers, including
> the RI, and I
> don't see any tools for that there.  Thanks.
>
>
>    Ken
>
> ==============================================================
> =============
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> of the message "signoff EJB-INTEREST".  For general help,
> send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
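
The split discussed in this thread, as an added example that is not code from either poster: the container enforces who may call a method from the deployment descriptor, and the bean uses getCallerPrincipal() only to record who made a change. The bean name `AccountAdminBean`, the method `updateLimit`, the role `manager` and the `sanitize` helper are hypothetical; how users are mapped to roles is container-specific.

```java
import java.security.Principal;
import java.util.logging.Logger;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical stateless session bean (names are assumptions for this example).
public class AccountAdminBean implements SessionBean {
    private static final Logger AUDIT = Logger.getLogger("audit");
    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
    public void ejbRemove() {}

    // Enforcement is declarative. In ejb-jar.xml the assembler grants the method
    // to a role, and the container rejects other callers before this body runs:
    //   <method-permission>
    //     <role-name>manager</role-name>
    //     <method><ejb-name>AccountAdmin</ejb-name>
    //             <method-name>updateLimit</method-name></method>
    //   </method-permission>
    public void updateLimit(String accountId, long newLimit) {
        // Application-level use of the caller identity: an audit record.
        AUDIT.info("user=" + callerName() + " action=updateLimit account="
                + sanitize(accountId) + " newLimit=" + newLimit);
        // ... apply the change here ...
    }

    // Name of the authenticated caller, or "unknown" when the container
    // does not supply one (the exception case described in the reply).
    String callerName() {
        try {
            Principal p = ctx.getCallerPrincipal();
            return p == null ? "unknown" : sanitize(p.getName());
        } catch (RuntimeException e) {
            return "unknown";
        }
    }

    // Replace control characters (CR/LF included) so a crafted value
    // cannot forge extra audit lines.
    static String sanitize(String s) {
        return s == null ? "" : s.replaceAll("\\p{Cntrl}", "_");
    }
}
```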
