We are implementing a system where http requests will be handled by servlets, the business work will reside in session beans that will talk to entity beans and hence into the database. I am aware that we can set the session beans to "Run As" a user, set the entity beans so only that user may access them and set-up security between the container and the database. My question is, how do I set security so that only the servlets can access the Session beans ? i.e. how do I stop someone connecting directly without using a firewall of some sort ? TIA Ed =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
