>
>5. At any time during the work in the EJB-tier, any EJB should be able to
>log/audit stuff to track the user. The log-entry should be mapped to the
>user, 'User1', and not to 'basic-user'.
>
>If 'User2' enters the system, and is also mapped as 'basic-user', the
>log-entry should say 'this was done by User2'.
>
I think this will depend on many things. Your appserver, your webserver,
whether you can do single sign on between the two and the EJB run as mode.
As I understand it getPrincipal returns the name of whoever called the
current method. Now this could be the logged in user or the system or an
identity you specified. It depends on how you configure it and how you
call it (from JSP, EJB...), but I don't think it is ever supposed to be a
"ROLE".

I am doing something like you want using WebSphere. WebSphere supports single
sign on. I have the security manager backed by an LDAP server for its
datastore. We store extra user information in the LDAP tree under the user
name. When I want more user info, I just use the name returned from
getCallerIdentity (WebSphere is still EJB 1.0 in too many details) and do
an LDAP lookup to get it.

Rick Hansen
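
The approach described in the reply above, sketched as an added example that is not part of the original message or of any WebSphere code: audit under the caller's own name, then fetch extra user data from LDAP by that name. The class name `CallerAudit`, the `uid` attribute, the directory URL and base DN, and the anonymous bind are all assumptions.

```java
import java.util.Hashtable;
import java.util.logging.Logger;
import javax.ejb.SessionContext;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

/** Hypothetical helper: audits EJB calls under the caller's name, not a shared role. */
public class CallerAudit {
    private static final Logger AUDIT = Logger.getLogger("audit");
    // Assumed values; replace with your directory's URL and base DN.
    private static final String LDAP_URL = "ldaps://ldap.example.com:636";
    private static final String USER_BASE = "ou=people,dc=example,dc=com";

    /** Logs "action by user" using the identity the container propagated. */
    public static String audit(SessionContext ctx, String action) {
        // EJB 1.1+ call; EJB 1.0 containers expose getCallerIdentity() instead.
        String user = ctx.getCallerPrincipal().getName();
        // Replace CR/LF so a crafted name cannot forge extra audit lines.
        AUDIT.info(action + " by " + user.replaceAll("[\\r\\n]", "_"));
        return user;
    }

    /** Returns one attribute (e.g. "mail") stored under the user's entry, or null. */
    public static String lookupAttribute(String user, String attrName)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL); // no credentials set: anonymous bind
        DirContext dir = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { attrName });
            // JNDI escapes the {0} argument, so the name cannot alter the filter.
            NamingEnumeration<SearchResult> hits =
                dir.search(USER_BASE, "(uid={0})", new Object[] { user }, sc);
            if (!hits.hasMore()) {
                return null;
            }
            Attribute a = hits.next().getAttributes().get(attrName);
            return a == null ? null : String.valueOf(a.get());
        } finally {
            dir.close();
        }
    }
}
```

If the bean or its callers are deployed with a run-as identity, the name logged is whatever principal the container propagates to that bean, so check the deployment descriptor before relying on the audit trail.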
