• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

3 tiers architecture with WebSphere

 
Ranch Hand
Posts: 67
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would like to implement 3 tiers where:
1 tier = Web Server(IIS) and Web Container(WAS 4)
2 tier = EJB Container(WAS 4)
3 tier = Database
What I don't understand is that how websphere pass the current authenticated user(from current jsp/servlet session) information to EJB, so that the EJB will know whether the user have permission to run the Bean.
And what happened when I replace the WAS 4 to Tomcat as my Web Container. Can the security information pass from Tomcat to WAS 4 ???
Guys, any idea about this?
 
author
Posts: 3892
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Authentication information in EJBs is passed in WebSphere through the IIOP context on each EJB call. It's transparent to you, so you never encouter it.
The short answer to your second question is that if you replace WAS with Tomcat as the web container then you DON'T pass security information -- Tomcat doesn't know how to do that.
Kyle
 
cb poo
Ranch Hand
Posts: 67
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Too bad. Tomcat cannot pass authenticated information to WAS EJB Container.
Anyway, I found out similar question at http://www.jguru.com/faq/view.jsp?EID=53955
And the implementation between Tomcat as Web Container and WAS 4 as EJB Container at here:
http://www.websphere-world.com/modules.php?name=News&file=article&sid=209
 
Kyle Brown
author
Posts: 3892
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by cb poo:
Too bad. Tomcat cannot pass authenticated information to WAS EJB Container.
Anyway, I found out similar question at http://www.jguru.com/faq/view.jsp?EID=53955
And the implementation between Tomcat as Web Container and WAS 4 as EJB Container at here:
http://www.websphere-world.com/modules.php?name=News&file=article&sid=209



Well, it's not quite as bad as that. I said the short answer was "you can't". The long answer is "you can, but it's a pain in the butt.". Read in the WebSphere InfoCenter about client authentication and you'll find out how you can have a general client application authenticate to WebSphere. It can be done (picking the principal out of Tomcat and then moving it into WebSphere using the WebSphere-specific API) but it's very difficult. My recommendation is DON'T DO THAT! Move the web application to WebSphere's web container and be done with it.
Kyle
 
"To do good, you actually have to do something." -- Yvon Chouinard
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic