When you do a login from within a servlet you are creating a new security context that is not associated with the session. If you want unsecured web content to establish a security context to use for ejb calls then you would have to write your own filter that re-established the security context based on the session id on every servlet request.
Ionel Gardais wrote:
Ok, I read it.
Isn't it possible for the LoginContext to persist as long as the session ?
Here it creates a new LoginContext on each call to the servlet.
ionel
Scott M Stark wrote:
No, that works fine as propagation from the servler
to the ejb container is supported provided you use
the right login module. See the org.jboss.test.web.servlets.ClientLoginServlet
in the testsuite module for an example.
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
-- xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
