A third option might be to use stateful session beans, and create them using credentials gained in the web tier... but its hardly a desirable one. may I ask why you're not using container based security at the web tier?
cheers dim On Mon, 10 Dec 2001, Vijay Guda wrote: > I am required to write a security feature where in i need to > authenticate user at web tier in a servlet, and again i need to > acertain user credentials at ejb tier , in a sesion bean. (Iam not > using declarative security mechanism that generally uses deployment > tools supplied by vendor) > > For this i need to pass/propagate the security context from one > tier/server to another tier/server. In my example, its from web server > to application server. > > One way is to pass this data as parameter in every remote call to the > session beans' methods. > > Other way is to use JNDI. But how to access the security context for a > user from JNDI without passing the key as parameter to bean's method. > > =========================================================================== > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff EJB-INTEREST". For general help, send email to > [EMAIL PROTECTED] and include in the body of the message "help". > > =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
