Hi,
I've never used EJB so have no idea what this means, can someone explain please?
"When SecurityFilter is used, a user's Principal will not automatically be propagated to EJB calls. If this is a requirement for your application, you may not be able to use SecurityFilter."
If you don't use EJB, then it's not an issue for you, but part of the appeal of container managed security is that it makes the same java.security.Principal (representing the authenticated user) available to both the servlet and the EJB layer code.
I haven't used SecurityFilter before, but it looks handy. My main issue with Container Based auth is its inability to support user-initiated login -- it only works by intercepting a request for a normal resource and then challenging for login.
Joe
--
Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com "Narrow minds are weapons made for mass destruction" -The Ex
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
