Thanks for the reply. First I would like to clarify,
that I'm not focused to oc4j or orion as such, I have
just sited an example. We can discuss the thing for a
any J2ee compliant server. As u have said, that for
web application it's not neccesarry to pass the
environment properties like new InitialContext(p), I'm
not sure about this and will test against an EJB with
restricted access and get back to you. If it works,
then everything is fine, because that itself will
propagate the authentication information to EJB.
Regarding cluster also, I have to test.
Thanks and Regards,
Sudarson
--- Alex Paransky <[EMAIL PROTECTED]> wrote:
> Oracle's Oracle9i Application Server (aka
> OrionServer from
> www.orionserver.com) should support the Servlet 2.3
> API. As far as
> authentication is concerned I believe (I have not
> tried this), that since
> the same user manager is used, that the identity of
> the authenticated WEB
> user is propagated into the EJB environment. Thus
> you should have user's
> identity when you are doing an EJB find. If you are
> talking about setting
> the environment properties to new InitialContext(p)
> API, you should not have
> to do this. From your WEB application simply create
> a new IntialContext(),
> without any arguments and it should work.
>
> If you have split your WEB and EBJ applications into
> different servers, and
> thinking that you can use new InitialContext(p)
> similarly to the way you do
> it from ApplicationClient, you cannot. There are
> other means of telling a
> J2EE server, that it's running in a cluster.
>
> -AP_
>
> -----Original Message-----
> From: A mailing list for Enterprise JavaBeans
> development
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> sudarson roy pratihar
> Sent: Saturday, July 28, 2001 5:36 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How usefull is ACL in EJB in
> web-application development??
>
>
> Thanks for your reply. Most probably, you are
> talking
> about Servlet 2.3 .In 2.0 it's not there, as far as
> I
> know. But even then if we want to call the EJB , we
> also require the credentila to be supplied at the
> time
> of EJB Home find, for setting the environment
> properties of the jndi Context. How can this be done
> ?
> Pls do suggest. Because user will be needed to
> authenticate for calling the EJB.
>
> Thanks and Regards,
> Sudarson
>
> --- Alex Paransky
> <[EMAIL PROTECTED]> wrote:
> > In your JSP code:
> >
> > After authentication
> > HttpServletRequest.getUserPrincipal returns the
> > principle of authenticated user.
> >
> > Inside of an EJB use
> EJBContext.getCallerPrincipal()
> > to find out who is
> > making the call.
> >
> > -AP_
> >
> > -----Original Message-----
> > From: A mailing list for Enterprise JavaBeans
> > development
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > sudarson roy pratihar
> > Sent: Wednesday, July 25, 2001 11:52 PM
> > To: [EMAIL PROTECTED]
> > Subject: How usefull is ACL in EJB in
> > web-application development??
> >
> >
> > Hi All,
> >
> > The ACL in EJB specificies the authorization for
> > method calls. So that can be very usefull so that
> we
> > can give some access to somebody and something to
> > other.EJB server identifies the user by the
> > prinicipal
> > nad credential passed to the server.
> >
> > In typical web-application, this type of
> requirement
> > is very common. In web scenario, the authetication
> > information actually gives these information from
> > login of the user to the web application. The
> login
> > can be easily done by securying servelt/jsp using
> > j2ee
> > web-application's web.xml. But my question how can
> > we
> > use this information which user feeds during login
> > to
> > lookup the EJBHome ? If we can't use it, then how
> > far
> > this ACL in EJB is usefull ?
> >
> > As far as Oracle's OC4J is concerned their
> metalink
> > people simply told that this can't be done in
> > present
> > version. Anyone of you can pls tell me whether
> this
> > can be done in famous EJB servers weblogic,
> > websphere
> > and iplanet etc ? If it can't be done, then how
> can
> > we
> > use it or how is it going to be usefull?
> >
> > Secondly, if the user's authorization is thru SSL
> ,
> > then what will be the scenario ?
> >
> > Any comment on this is welcome.
> >
> > Thanks and Regards,
> > Sudarson
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Make international calls for as low as $.04/minute
> > with Yahoo! Messenger
> > http://phonecard.yahoo.com/
> >
> >
>
===========================================================================
> > To unsubscribe, send email to
> [EMAIL PROTECTED]
> > and include in the body
> > of the message "signoff EJB-INTEREST". For
> general
> > help, send email to
> > [EMAIL PROTECTED] and include in the body of
> the
> > message "help".
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute
> with Yahoo! Messenger
> http://phonecard.yahoo.com/
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED]
> and include in the body
> of the message "signoff EJB-INTEREST". For general
> help, send email to
> [EMAIL PROTECTED] and include in the body of the
> message "help".
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED]
> and include in the body
> of the message "signoff EJB-INTEREST". For general
> help, send email to
> [EMAIL PROTECTED] and include in the body of the
> message "help".
>
__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
