Ok, I think I'm with you, and that its ok. So if the asynchronous service only retains the client identity, and then lets the server assign the context for the call based on that identity that would be acceptable you think? That certainly satisfies my requirements.
thanks again, dim On Mon, 15 Oct 2001, Scott M Stark wrote: > All a client can do is establish an authenticated identity. The server > assigns the security context based on the client identity. Perhaps this > will change in the future as I look more at the EJB 2.0 security > interoperability support. > > > > The asynchronous service must behave as any other EJB client as it is > > > operating outside of the bounds of the application server controlled > > > envrionment and so should not receive the security context of the EJB > > > that called it. > > > > I see what you're saying, perhaps there's a better way to do this. So if > > a thin browser client wants to perform an operation asynchronously, what > > would be the best way to go about it without losing security > > context? > > > > thanks, > > dim > > > > > > > > > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user > _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
