Thanks for your reply. Most probably, you are talking
about Servlet 2.3 .In 2.0 it's not there, as far as I
know. But even then if we want to call the EJB , we
also require the credentila to be supplied at the time
of EJB Home find, for setting the environment
properties of the jndi Context. How can this be done ?
Pls do suggest. Because user will be needed to
authenticate for calling the EJB.
Thanks and Regards,
Sudarson
--- Alex Paransky
<[EMAIL PROTECTED]> wrote:
> In your JSP code:
>
> After authentication
> HttpServletRequest.getUserPrincipal returns the
> principle of authenticated user.
>
> Inside of an EJB use EJBContext.getCallerPrincipal()
> to find out who is
> making the call.
>
> -AP_
>
> -----Original Message-----
> From: A mailing list for Enterprise JavaBeans
> development
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> sudarson roy pratihar
> Sent: Wednesday, July 25, 2001 11:52 PM
> To: [EMAIL PROTECTED]
> Subject: How usefull is ACL in EJB in
> web-application development??
>
>
> Hi All,
>
> The ACL in EJB specificies the authorization for
> method calls. So that can be very usefull so that we
> can give some access to somebody and something to
> other.EJB server identifies the user by the
> prinicipal
> nad credential passed to the server.
>
> In typical web-application, this type of requirement
> is very common. In web scenario, the authetication
> information actually gives these information from
> login of the user to the web application. The login
> can be easily done by securying servelt/jsp using
> j2ee
> web-application's web.xml. But my question how can
> we
> use this information which user feeds during login
> to
> lookup the EJBHome ? If we can't use it, then how
> far
> this ACL in EJB is usefull ?
>
> As far as Oracle's OC4J is concerned their metalink
> people simply told that this can't be done in
> present
> version. Anyone of you can pls tell me whether this
> can be done in famous EJB servers weblogic,
> websphere
> and iplanet etc ? If it can't be done, then how can
> we
> use it or how is it going to be usefull?
>
> Secondly, if the user's authorization is thru SSL ,
> then what will be the scenario ?
>
> Any comment on this is welcome.
>
> Thanks and Regards,
> Sudarson
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute
> with Yahoo! Messenger
> http://phonecard.yahoo.com/
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED]
> and include in the body
> of the message "signoff EJB-INTEREST". For general
> help, send email to
> [EMAIL PROTECTED] and include in the body of the
> message "help".
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
