Re: How does the container authenticate user identity?

Wed, 25 Apr 2001 06:20:43 -0700 

with weblogic when you obtain the initial context you can supply the
credentials; weblogic will then authenticate against the appropriate realm.
if you have a servlet/jsp layer you can authenticate there and your identity
will propagate to the ejb.  look at their security documentation, they have
a sample form base login example.  authentication realms can be their
default static file based or through windows, unix, ldap or your own db.

tinou

----- Original Message -----
From: "Ashutosh Gupta" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 25, 2001 5:06 AM
Subject: [EJB-INT] How does the container authenticate user identity?


> Hi,
>
>      I am trying how to grant permissions on methods using security
declarations in
> deployment descriptior. I have created a role say "Manager" and granted
permissions to
> methods say "addAccount()", "addDeposits" etc on my sessionBean. I have
added
> identities/principals to these roles. In weblogic inside
weblogic-ejb-jar.xml
>     <security-role-assignment>
>       <role-name>manager</role-name>
>       <principal-name>kennedy</principal-name>
>     </security-role-assignment>
> But I wonder, how the conainer will authentcate the user whether he/she is
"kennedy" or
> not. I think there need to be some logon screen through which user can
enter his
> principal-name/identity and/or user password.How these things will this be
passed to the
> container for authentication. Please let me know, how this thing can be
done in EJB
>
> With thanks and regards,
> Ashutosh Gupta
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff EJB-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
>

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

Reply via email to