Hey
Tom Cook wrote:
> We have an app which runs in weblogic, and I'm supposed to be making
> it run in JBoss. The app's stateful session bean uses
> SessionContext.getCallerPrincipal() to determine which user is logged
> on.
>
> On the client side, a servlet determines which user the user is
> trying to log on as, and then does this:
>
> String _initContextOverride = ...;
> String _url = ...;
> String _username = ...;
> String _password = ...;
>
> Context ctx = null;
> Properties h = new Properties();
> if (_initContextOverride != null)
>     h.put(Context.INITIAL_CONTEXT_FACTORY, _initContextOverride);
> h.put(Context.PROVIDER_URL, _url);
> h.put(Context.SECURITY_PRINCIPAL, _username);
> h.put(Context.SECURITY_CREDENTIALS, _password);
> ctx = new InitialContext(h);
>
> and that's how it transmits the login information to the bean.
Assuming that JNDI security has anything to do with EJB security is a
big mistake. It does not. It is only related to reading/writing the JNDI
namespace, nothing more.
> From what I've heard on this list, this is not likely to work with
> jboss as our EJB container. Now, my question is: have we picked a
> really bad/non-standard/unusual/whatever way of doing this?
Yes!
> Is there
> a 'standard' mechanism for making ctx.getCallerPrincipal() return the
> correct thing?
No, not yet. I.e. there is no standard for setting the client principal
yet. If your client is a web client then it will work since you will use
the web authentication, but if you're in a standalone client you must
use proprietary login functionality (note that stand-alone applications
as clients in general have not been supported until just recently). The
standard way to do this *in the future* will be to use JAAS.
/Rickard
--
Rickard Öberg
Email: [EMAIL PROTECTED]
http://www.telkel.com
http://www.jboss.org
http://www.dreambean.com