Rajeev Dave wrote: > Here how/where will the client get a chance to specify what is his > username/password.
He doesn't, and there's no need to. See JAAS for specifics. > He is just getting it from the factory and the factory > has already got a EJBHome object sitting in a hashtable which is what is > returned. Correct. > Note here that the factory will have specified a UID/Pass while > getting home object for the first time. Why? What is the reason for doing that, and how would that information be used? > Am I missing something here. Please excuse me if it is something very > trivial but let me know what it is... What you are missing is that authentication is not handled through JNDI. There were some implementations that did this (Sybase if IIRC), but that was inherently unsafe and not very logical. That mechanism tries to use the JNDI security for things that it wasn't designed for. Currently one would instead use either JAAS or some proprietary means of authentication, specific to each vendor. Such a proprietary mechanism would however not rely on JNDI security as that is simply not a good idea. HTH, Rickard -- Rickard �berg Author of "Mastering RMI" Chief Architect, TheServerSide.com The Middleware Company - We Build Experts! =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
