Hi,
Question,
By using JNDI are you using the
env.put(Context.INITIAL_CONTEXT_FACTORY,
"weblogic.jndi.WLInitialContextFactory");
env.put(WLContext.PROVIDER_URL,
"t3://weblogic:7001");
env.put(WLContext.SECURITY_AUTHENTICATION "simple");
env.put(Context.SECURITY_PRINCIPAL, "javaclient");
env.put(Context.SECURITY_CREDENTIALS,
"password");
way of passing in security credentials?
If so the container will authenticate you against the
containers security realm and you will be able to
access you security information from the
SessionContext.
SessionContext.getCallerPrincipal();
SessionContext.isCallerInRole
methods. Or are you doing something else?
I have seen some projects were the method way of
passing security information is favored as it allows a
stateless and therefore more scalable application
model. Of course at the price of having to remember
to always pass the security information.
David
PS. The Weblogic documentation recommends the use of
JAAS now to pass security credentials instead of the
old JNDI way.
--- Vijay Guda <[EMAIL PROTECTED]> wrote:
> I am required to write a security feature where in
> i need to authenticate user at web tier in a
> servlet, and again i need to acertain user
> credentials at ejb tier , in a sesion bean. (Iam not
> using declarative security mechanism that generally
> uses deployment tools supplied by vendor)
>
> For this i need to pass/propagate the security
> context from one tier/server to another tier/server.
> In my example, its from web server to application
> server.
>
> One way is to pass this data as parameter in every
> remote call to the session beans' methods.
>
> Other way is to use JNDI. But how to access the
> security context for a user from JNDI without
> passing the key as parameter to bean's method.
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED]
> and include in the body
> of the message "signoff EJB-INTEREST". For general
> help, send email to
> [EMAIL PROTECTED] and include in the body of the
> message "help".
>
=====
David J. Jones, <[EMAIL PROTECTED]>,
Virgin Mobile USA,
8th Floor,
22 Fourth Street,
San Francisco,
CA, 94103, Work: 415 932 5470.
USA. Fax: 415 358 4999.
__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
