Originally posted by R Krishnan:
Won't the same JNDI switching be required in the case of web clients?
The answer is two-fold.
1. Not really. Your Web component can run some Fast Lane Readers bypassing the EJB tier. The basic search operations should allow unauthenticated access to this. The Swing app on the other hand must use EJB for anything, therefore must get InitialContext for everything.
So this answers questions posed by FBN spec.
2. More generally, I am not quite sure. Suppose you have 2 Web components: one is configured to run as anonymous and another as 'authenticated.user'. The anonymous component creates the InitialContext with 'anonymous'-security context that is propagated to target beans. Now, the user accesses the protected web resource, gets authenticated thereby changing his security context. At this point the question is whether or not the new security context will be propagated to beans via the established InitialContext. I suspect not, but if anyone cares to run some tests I'd be interested to hear the results.
[ May 17, 2002: Message edited by: Gennady Shapiro ]