Laird Nelson wrote:
>
> But what happens if you stash that new InitialContext away somewhere?
> Now if someone else gets hold of that context, it will produce bean
> homes that are initialized with the first guy's identity (in violation
> of the JNDI and EJB 1.1 specifications)! Here's a walkthrough example:
>
> ... [Superman gets destroyed]

EJB 1.1 doesn't specify any standard method for username/password authentication
for IIOP. EJB 2.0 will fix this by specifying the use of the relevant pieces
from the CSIv2 CORBA security standard. In the meantime, if a vendor chooses
to associate the username/password information with a home reference that was
obtained from a JNDI context (using the JNDI credentials), I don't have a
problem with that.

So basically, I would suggest that the behaviour that you object to is a
reasonable vendor-workaround to the deficient EJB 1.1 / IIOP security
specifications.
_______________________________________________________________________________
Evan Ireland Sybase EAServer Engineering [EMAIL PROTECTED]
Wellington, New Zealand +64 4 934-5856