keep discussion on the list, for all to gain from.. On Mon, 10 Dec 2001 [EMAIL PROTECTED] wrote:
> Thanks for ur advice. But with a statefull session bean, it is not possible > for me to make this a generic framework for all j2ee-based applications. > Also this come up with all over-heads that a statefull session bean has. yes, I wouldn't consider it seriously... althought I'm not sure what the problem would be with it, performance aside... > The reason that iam not using container-managed security is that i require > to have a role-based security mechanism which is more dynamic and flexible > than declarative security mechanism. there's no reason you cant use container managed security for authentication, and propagation, but still use your own ACL style checks. Have a look at EJBContext.getCallerPrincipal() hth dim =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
