|DS> it should work thread based, so the principal/credential should be
|DS> ThreadLocal on the client side too.
|Why? A client with multiple identities? Schizophrenic????
tss tss Oleg you should know better ;-) this stuff is going to call "bean to
bean" and I need the same security on the server side... the server side is
*bound* to be schizophrenic.
example: I can call an "admin" bean that looks at the statistics on a give
bean and spawn new containers in my cluster if necessary (yes it IS coming
:))) for that I want to login as "system" user and that stateful bean will
then call the different parts of the server probably modeled as entities
(persistent state of the server application whatever) and that identity
needs to be propagated to the other bean.
B2B needs security inVM not just client server, in fact I assume the
integrated stacks will require that really quick
marc
