> A somehow closely related other question is how do I correctly work with
EJB
> security from client in servlet mode. I know how to login using
> LoginContext, but how do I process further requests from the same user --
I
> suppose I should not authenticate the user once more. But how does jBoss
> then know, which security context to accociate calls with?
We use the embedded Tomcat configuration with jBoss-2.0.
Authentication through web-clients works, but authorization
for EJB-access is broken; ie, once a user has logged in through
a servlet, he pretty much has wholesale access to EJBs, regardless
of what roles-based restrictions have been set up. (However,
for application-clients, the authorization reportedly works fine.)
No one yet has stepped forward to agree with the bug,
or even to explain the problem. Anyone?
Charlie
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
