Hi!
"Kenworthy, Edward" wrote:
> Really ?
Really ;-)
> Wow and ouch, I thought it worked like this:
>
> 1/ get initial context, sets up caller principle.
> 2/ lookup bean.
> 3/ try and invoke a method, app server checks caller principle for
> permission.
>
> If it works like this, then passing around a reference isn't a problem as it
> will use your permissions, not any associated with the reference.
Depends on what you mean by "sets up caller principal" (note spelling
BTW). What is its scope? The thread? The JVM? The current context
classloader? The threadgroup? All valid options, in some sense, but with
wildly different semantics.
> Anyone, assuming you're right ;-), how do I "log-on" to the app server ?
1) Use some proprietary mechanism
2) Use J2EE-valid client containers, i.e. servlets, which have a standard
authentication method
3) Use JAAS
/Rickard
--
Rickard Öberg
Email: [EMAIL PROTECTED]
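
The scope question raised in the reply above, as an added example that is not part of the original message and is not JBoss or J2EE code. The names PrincipalScopeDemo, BeanRef and login are hypothetical stand-ins; the sketch records the caller once per JVM and once per thread, then invokes the same reference from different threads.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Constructed illustration: two ways a container could associate
// "the caller" with an invocation. All names here are hypothetical.
public class PrincipalScopeDemo {
    // Scope = JVM: one slot shared by every thread in the process.
    static volatile String jvmWidePrincipal;
    // Scope = thread: each thread sees only what it set itself.
    static final ThreadLocal<String> threadPrincipal = new ThreadLocal<>();

    // Stand-in for a bean reference; the caller is resolved at invoke time.
    static class BeanRef {
        String invoke() {
            return "jvm-scope caller=" + jvmWidePrincipal
                 + ", thread-scope caller=" + threadPrincipal.get();
        }
    }

    // Stand-in for "get initial context": records the caller in both scopes.
    static BeanRef login(String user) {
        jvmWidePrincipal = user;
        threadPrincipal.set(user);
        return new BeanRef();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService alice = Executors.newSingleThreadExecutor();
        ExecutorService bob = Executors.newSingleThreadExecutor();
        ExecutorService other = Executors.newSingleThreadExecutor();
        try {
            Callable<BeanRef> aliceLogin = () -> login("alice");
            Callable<BeanRef> bobLogin = () -> login("bob");
            BeanRef ref = alice.submit(aliceLogin).get();
            bob.submit(bobLogin).get(); // a second client logs in afterwards

            Callable<String> call = ref::invoke;
            // Same reference, invoked on the thread that logged in as alice.
            System.out.println("alice thread: " + alice.submit(call).get());
            // Same reference, handed to a thread that never logged in.
            System.out.println("other thread: " + other.submit(call).get());
        } finally {
            alice.shutdown();
            bob.shutdown();
            other.shutdown();
        }
    }
}
```

With JVM scope the last login wins for every caller in the process; with thread scope a reference passed to another thread carries no identity at all, so the check runs against whatever that thread set up.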