Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Servlet container -> EJB container user credentials delegation

3 views
Skip to first unread message

Tero Paananen

unread,
Mar 8, 2002, 11:33:08 AM3/8/02
to
Using BAS 4.5 with Tomcat 3.2 through JBuilder.

I'm working on a typical web application architecture,
servlets using EJBs to hit the database and forwarding
to JSPs. Nothing fancy.

The EJBs need to be able to have programmatic security
checks at various places, according to the security
requirements.

We're using j_security_check with CustomDB on the
servlet container and that's working just fine.

We then want to delegate those user credentials to
the EJB container. And that's when we're running into
problems, like everyone else, it seems.

The user credentials are only passed onto the EJB
container once, the first time the credentials are
delegated. All subsequent calls to delegateUPprincipal()
will not delegate anything to the EJB container.

This seems to be the way BAS has been designed, for
some reason.

Now, that's not exactly a solution we have in mind.
So, my question is, how the hell should we be doing
J2EE Security on an EJB container?

Should we set up the user credentials at every EJB,
individually, every time they are being used? That
would kill the performance, me thinks.

Should we pass user credentials in some other way?
How?

Any other options?

"You can do this with the next release" is not an
option for us, unless it's coming out tomorrow and
can be plugged in to JBuilder with no problem.

-TPP

0 new messages