Hello,
I've encountered a little problem during creation of a standard ejb application
framework, and I need a little help on this one.
It's about the security layout of my framework: Security check is performed
on the ejb container tier (as it should), and authentication is performed
when a client creates an InitialContext():

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    // JNDI environment for the remote lookup
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.evermind.server.rmi.RMIInitialContextFactory");
    env.put(Context.PROVIDER_URL, "rmi://xxx.xxx.xxx.xxx:23791/app");
    env.put(Context.SECURITY_CREDENTIALS, "test");
    env.put(Context.SECURITY_PRINCIPAL, "test");
    InitialContext ic = new InitialContext(env);
    // <access a test ejb here>

The above code snippet works correctly from a simple application client: The
server invokes my custom UserManager to check whether the user has privileges
for accessing jndi, and then checks permissions correctly on ejb methods.
According to the ejb context the principal is 'test' (all works correctly).
But the same code from a servlet produces a strange behavior: It seems that
the environment `env' is totally ignored (even if I give a wrong ip to
PROVIDER_URL), my UserManager receives no calls to any methods, but the ejb
is still accessed, and returns principal 'guest', though there is no guest
user.
Why doesn't that work? Is it because it runs in the same JVM? But why would
that matter? Why does it ignore Context environment? It seems that the
default UserManager is accessed (because it returns 'guest'), even this is
a mystery to me, since the other client goes through my UserManager.
Thank you in advance for your help.
Bye.
Robert.