• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Identity propagation from web-tier to ejb-tier

 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

I would like to know how authenticated user information (username, Principal etc) is propagated from web-tier to ejb-tier. web app and ejb components can be deployed in seperate physical servers in network. web app code just gets the home object from JNDI tree to make calls on ejb components, So I don't see any place where the identity propagation happens - somebody please throw some light.

Also when a user is authenticated and identified where does this information stored? I guess request object, since it provides a getUserPrincipal() like methods in request object.

If so, in case if I use my own custom authentication mechanism, how can I set the authenticated user information so that declarative security take effect in web tier and ejb tier?
 
Ranch Hand
Posts: 92
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

So I don't see any place where the identity propagation happens



Heres an example:



Hope this helps,
 
Kalaivanan Durairaj
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, Thanks for the reply. Context parameters are for accessing the JNDI service. This may not be the pricipal and password user used to login to the web tier. I browsed EJB spec section 19.8 "Security Interoperatability" and found some information. Thanks.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic