Hi all,
I have always wonder why EJB's Application Security Interface has only
public interface EJBContext
{
...
public getCallerIdentity/Pricipal();
public isCallerInRole(Identity/Pricipal role);
...
}
Is this sufficient for Security-aware applications? What about if an
application
wants to know what are those valid Roles for current caller, e.g. has a
method:
public getRolesForCaller()
Can any one to comment on this?
cheers
chuck
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
