I have interesting news regarding security X EJBs, at least from the
WebLogic camp. :-)
Since Tomcat did not propagate the authenticated user (even with
container manager security), I asked BEA support about this issue and
got some light from them. :-)
Craig R. McClanahan wrote:
>>I have heard some speak about ejb as thought they need the container-managed
>>security. This might be so. I don't know. I am hoping that someone might be
>>able to provide that functionality.
>
> The EJB layer *absolutely* requires container managed security.
This is not true, at least speaking from the scenario of a Tomcat (or
whatever other) client talking remotely to a Weblogic server.
When instantiating the InitialContext, you can put in the environment the
property Context.SECURITY_CREDENTIALS to be an instance of T3User (the
Weblogic user implementantion), that has name and a "credential" object
(that is treated in the Weblogic security realm, depending on what it is).
So, all you need is a username and a password, regardless of where they
come from.
--
[]'s
Marcelo Vanzin
Touch Tecnologia
[EMAIL PROTECTED]
"Life is too short to drink cheap beer"
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
