Oracle's Oracle9i Application Server (aka OrionServer from
www.orionserver.com) should support the Servlet 2.3 API. As far as
authentication is concerned I believe (I have not tried this), that since
the same user manager is used, that the identity of the authenticated WEB
user is propagated into the EJB environment. Thus you should have user's
identity when you are doing an EJB find. If you are talking about setting
the environment properties to new InitialContext(p) API, you should not have
to do this. From your WEB application simply create a new IntialContext(),
without any arguments and it should work.
If you have split your WEB and EBJ applications into different servers, and
thinking that you can use new InitialContext(p) similarly to the way you do
it from ApplicationClient, you cannot. There are other means of telling a
J2EE server, that it's running in a cluster.
-AP_
-----Original Message-----
From: A mailing list for Enterprise JavaBeans development
[mailto:[EMAIL PROTECTED]]On Behalf Of sudarson roy pratihar
Sent: Saturday, July 28, 2001 5:36 AM
To: [EMAIL PROTECTED]
Subject: Re: How usefull is ACL in EJB in web-application development??
Thanks for your reply. Most probably, you are talking
about Servlet 2.3 .In 2.0 it's not there, as far as I
know. But even then if we want to call the EJB , we
also require the credentila to be supplied at the time
of EJB Home find, for setting the environment
properties of the jndi Context. How can this be done ?
Pls do suggest. Because user will be needed to
authenticate for calling the EJB.
Thanks and Regards,
Sudarson
--- Alex Paransky
<[EMAIL PROTECTED]> wrote:
> In your JSP code:
>
> After authentication
> HttpServletRequest.getUserPrincipal returns the
> principle of authenticated user.
>
> Inside of an EJB use EJBContext.getCallerPrincipal()
> to find out who is
> making the call.
>
> -AP_
>
> -----Original Message-----
> From: A mailing list for Enterprise JavaBeans
> development
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> sudarson roy pratihar
> Sent: Wednesday, July 25, 2001 11:52 PM
> To: [EMAIL PROTECTED]
> Subject: How usefull is ACL in EJB in
> web-application development??
>
>
> Hi All,
>
> The ACL in EJB specificies the authorization for
> method calls. So that can be very usefull so that we
> can give some access to somebody and something to
> other.EJB server identifies the user by the
> prinicipal
> nad credential passed to the server.
>
> In typical web-application, this type of requirement
> is very common. In web scenario, the authetication
> information actually gives these information from
> login of the user to the web application. The login
> can be easily done by securying servelt/jsp using
> j2ee
> web-application's web.xml. But my question how can
> we
> use this information which user feeds during login
> to
> lookup the EJBHome ? If we can't use it, then how
> far
> this ACL in EJB is usefull ?
>
> As far as Oracle's OC4J is concerned their metalink
> people simply told that this can't be done in
> present
> version. Anyone of you can pls tell me whether this
> can be done in famous EJB servers weblogic,
> websphere
> and iplanet etc ? If it can't be done, then how can
> we
> use it or how is it going to be usefull?
>
> Secondly, if the user's authorization is thru SSL ,
> then what will be the scenario ?
>
> Any comment on this is welcome.
>
> Thanks and Regards,
> Sudarson
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute
> with Yahoo! Messenger
> http://phonecard.yahoo.com/
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED]
> and include in the body
> of the message "signoff EJB-INTEREST". For general
> help, send email to
> [EMAIL PROTECTED] and include in the body of the
> message "help".
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
