Return-Path: Delivered-To: apmail-jakarta-struts-user-archive@apache.org Received: (qmail 29786 invoked from network); 3 Apr 2002 20:35:25 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 3 Apr 2002 20:35:25 -0000 Received: (qmail 4956 invoked by uid 97); 3 Apr 2002 20:35:10 -0000 Delivered-To: qmlist-jakarta-archive-struts-user@jakarta.apache.org Received: (qmail 4920 invoked by uid 97); 3 Apr 2002 20:35:09 -0000 Mailing-List: contact struts-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Struts Users Mailing List" Reply-To: "Struts Users Mailing List" Delivered-To: mailing list struts-user@jakarta.apache.org Received: (qmail 4909 invoked from network); 3 Apr 2002 20:35:09 -0000 Message-ID: <3CAB6730.60702@rededc.com.br> Date: Wed, 03 Apr 2002 17:33:52 -0300 From: Marcelo Vanzin User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9+) Gecko/20020328 X-Accept-Language: fr, en, pt-br MIME-Version: 1.0 To: Struts Users Mailing List Subject: Re: Security Solution References: <20020402134857.G53443-100000@icarus.apache.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N I have interesting news regarding security X EJBs, at least from the WebLogic camp. :-) Since Tomcat did not propagate the authenticated user (even with container manager security), I asked BEA support about this issue and got some light from them. :-) Craig R. McClanahan wrote: >>I have heard some speak about ejb as thought they need the container-managed >>security. This might be so. I don't know. I am hoping that someone might be >>able to provide that functionality. > > The EJB layer *absolutely* requires container managed security. This is not true, at least speaking from the scenario of a Tomcat (or whatever other) client talking remotely to a Weblogic server. When instantiating the InitialContext, you can put in the environment the property Context.SECURITY_CREDENTIALS to be an instance of T3User (the Weblogic user implementantion), that has name and a "credential" object (that is treated in the Weblogic security realm, depending on what it is). So, all you need is a username and a password, regardless of where they come from. -- []'s Marcelo Vanzin Touch Tecnologia vanza@rededc.com.br "Life is too short to drink cheap beer" -- To unsubscribe, e-mail: For additional commands, e-mail: