THE PROBLEM
1) The user calls servlet xyz from a browser...The servlet does this and
that
2) User is not authenticated
3) The request is served by App Server xyz.
4) An HTTPSession is created
5) At this point we run getSessionValue method and it is
seen that the HTTPSession has session owner anonymous. We get the
values for the session
6) The servlet calls then a session EJB, which is secured for use by
"everyone" and it is running as wasadmin. The EJB does this and that.
7) The EJB returns control to the servlet
8) At this point then we run getSessionValue method. The
session owner has now been changed to "kwpdir01:389/wasadmin"
9) Values are now retrieved from the httpsession object (from within the
servlet) and this results in an unauthorizedException being thrown
any help appreciated;....
Gareth
Get your FREE download of MSN Explorer at http://explorer.msn.com
=========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
