hi thanks for the reply. I still have a query. In page: 501 of "Enterprise JavaBeans" by OReilly, it says "MDBs must always have a runAs security identity specified". Is this a mistake ? Or did I understand the concept in a wrong way ? Thank You seema
Sun Certified Java Programmer<br />Sun Certified Web Component Developer<br />Sun Certified Business Component Developer
The O'Reilly book compares the use of the <run-as> and <use-caller-identity> elements. As an MDB has no knowledge of the identity of its caller, it cannot use <use-caller-identity> and can only use <run-as>. However, if the MDB never calls another EJB, or only calls methods with no security check, there is presumably no point in declaring <run-as>.
SCJP, SCWCD, SCBCD
When it is used for evil, then watch out! When it is used for good, then things are much nicer. Like this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!