Hi Ian.
Thanks for the response :)
> Usually, for web-based applications where users can self-register and thereby
> gain access to their own account data, sending the user name in as the
> UserPrinciple doesn't work because the server will not recognise it, while
> sending a role as the UserPrinciple requires another means of passing the actual
> user name.
The users will not be able to register themselves. The customer is a rather
large government (sp?) agency, and the users have to exist before they can
use the system. The reason for using the unique userid in the EJB-tier, as I
have stated before, is to know who did what, and fire that person if
anything goes wrong <smile>. We are dealing with quite a lot of confidential
material in the database.
> I tell my clients that processing using the names of customers/prospects is
> "Customer Relationship Management", and server security facilities have not been
> designed to do CRM. Hence sending the user identity as an explicit parameter on
> requests is alright.
I agree that the user might be sent as a parameter to the first EJB in the
EJB-tier, but I would like any subsequent calls between EJBs in the tier to
transfer the user-identity as well... I guess what I'm looking for is some
kind of "ejbContext.getPrincipal().getExtendedData()" <smile>. If I were to
include the userid as a parameter I would have to include this parameter in
*every* method used within the EJB-tier (!).
> I realise that this is exactly what you thought of doing yourself, but perhaps
> I've made you feel a little better about doing it?
Absolutely - tanx for your input!
/Anders