Environment: Weblogic 5.1, EjbSpec 1.1 Sorry for being vendor specific but I am writing on basis of what I have worked with. Also see comments inline
-----Original Message----- From: Rickard [mailto:[EMAIL PROTECTED]] Sent: Friday, February 15, 2002 4:42 PM To: [EMAIL PROTECTED] Subject: Re: EJBHome Factory - Home Object Caching Rajeev Dave wrote: > Here how/where will the client get a chance to specify what is his > username/password. [Rickard]He doesn't, and there's no need to. See JAAS for specifics. [Rajeev] I am not aware if weblocic 5.1 uses this by default > He is just getting it from the factory and the factory > has already got a EJBHome object sitting in a hashtable which is what is > returned. Correct. > Note here that the factory will have specified a UID/Pass while > getting home object for the first time. [Rickard]Why? What is the reason for doing that, and how would that information be used? [Rajeev] if guest login is disabled then some credentials are needed in order to login to weblogic server. right?? That information is not used anywhere except for the purpose of logging in to the server. > Am I missing something here. Please excuse me if it is something very > trivial but let me know what it is... What you are missing is that authentication is not handled through JNDI. There were some implementations that did this (Sybase if IIRC), but that was inherently unsafe and not very logical. That mechanism tries to use the JNDI security for things that it wasn't designed for. Currently one would instead use either JAAS or some proprietary means of authentication, specific to each vendor. Such a proprietary mechanism would however not rely on JNDI security as that is simply not a good idea. HTH, Rickard -- Rickard �berg Author of "Mastering RMI" Chief Architect, TheServerSide.com The Middleware Company - We Build Experts! =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help". ==========================================================================To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
