Thanks for the feedback. I agree, it does not seem that JSR 149 is going anywhere (not sure why). The only details that I have on the webSphere implementation is their documentation (http://publib.boulder.ibm.com/infocenter/ws51help/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/rprf_workareatune.html for an overview and http://publib.boulder.ibm.com/infocenter/ws51help/index.jsp?topic=/com.ibm.wasee.doc/info/ee/ae/rprf_workareatune.html for an example).
I agree that it sounds weird to add this to the security context although, from a pure JAAS point of view, the session id of an authenticated user can fit the profile of a Subject principal, I think. I am just working around the fact that the full Subject is not available in my EJB code, unless I write my own security interceptor to do a doAs call and use the Subject.getSubject method. But I am not sure how well that will work across EARs and class loaders and I am not sure I want to enable the full blown Java 2 security in my environment. I am also looking for a portable (WebSphere, WebLogic and JBoss) way to make this work. I did not find enough hooks in WebLogic (yet) to implement the Thomas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3859725#3859725 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3859725 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
