Hi!
"Kenworthy, Edward" wrote:
> >1) The username and password you specify when creating an InitialContext
> >have *nothing* to do with authentication or authorisation for EJB
> >access, only for JNDI access. I don't know if JNP has any security
> >features at all.
>
> Actually yes they do. This isn't part of the standard, true - hence my
> question wrt jBoss, but it works like that with all the other AppServers
> I've used.
Which is Bad(tm). As Toby said, unlearn that practice ;-)
> >What it comes down to is that you need to implemented your own security
> >mechanisms for anything more that what the example implementations
> >provide.
>
> Do I take this to mean jBoss doesn't provide any security and you have to do
> it yourself (jBoss just providing the hooks) or have I misunderstood ?
The thing is that this is pretty new functionality, and which hasn't
been properly documented yet. AFAICT (and I haven't used it myself)
there *is* security available if you want to use the default
implementation, which (AFAICT) is similar to the database realm in WL.
regards,
Rickard
--
Rickard �berg
Email: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
