statefull session bean falling back to unauthenticated
posted 15 years ago
Hi, My project applied about the same architecture as Sun's Petstore 1.1.2 app. We use a statefull session bean (SFSB) as a "Client Controller" to maintain state. Our problem is that the SessionContext principal isn't maintained between HTTP requests : it is lost on the second request, the first one after creating the SFSB. Of course, my servlet is unauthenticated, all our authentication is done on the SFSB. It seems that web unauthentication is in some way "transmitted" to the EJB tier. Am I right ? I'm using WL 5.1 . Also another question : I'm a bit confused about what to keep on the web tier in order to have a handle on the statefull. In Petstore, the reference kept in the HTTPSession is the EJB remote reference (in fact just the return of the create() method). It's not a javax.ejb.Handle, although it seems that it is the recommended way to do this. Thanks a lot.