struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcelo Vanzin <>
Subject Re: Security Solution
Date Wed, 03 Apr 2002 20:33:52 GMT

	I have interesting news regarding security X EJBs, at least from the 
WebLogic camp. :-)

	Since Tomcat did not propagate the authenticated user (even with 
container manager security), I asked BEA support about this issue and 
got some light from them. :-)

Craig R. McClanahan wrote:
>>I have heard some speak about ejb as thought they need the container-managed
>>security. This might be so. I don't know. I am hoping that someone might be
>>able to provide that functionality.
> The EJB layer *absolutely* requires container managed security. 

	This is not true, at least speaking from the scenario of a Tomcat (or 
whatever other) client talking remotely to a Weblogic server.

	When instantiating the InitialContext, you can put in the environment the 
property Context.SECURITY_CREDENTIALS to be an instance of T3User (the 
Weblogic user implementantion), that has name and a "credential" object 
(that is treated in the Weblogic security realm, depending on what it is).

	So, all you need is a username and a password, regardless of where they 
come from.

Marcelo Vanzin
Touch Tecnologia
"Life is too short to drink cheap beer"

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message