John Ellis wrote:
>
> Christophe,
>
> Thanks for your reply, but I am still a bit confused. I was searching <all> the
> source code to find where the propagation was being done. I couldn't find it.
> Also, I am not as interested in making it work now (I have a workable solution
> for the present) but in making sure I understand (and can maybe influence) the
> eventual direction of authentication in JOnAS in general. It seems that you are
> making the assumption that all clients are the source for the security and are
> secure themselves (which is the case for a Tomcat client, but not a thick Java
> Application client or an Applet). Another point of clarification is that I
> don't care about security on methods, but I do care that the
> "getCallerPrincipal" call returns some valid and authenticated result. These
> direct questions will address my concerns.
>
> 1. When do the SecuritySender and SecurityReceiver get called?
> 2. Is the SecurityContext kept with the bean for the life of
> the bean?
> 3. If this is all tied to threads, how would you handle the situation
> where a thick client logged in to a JNDI Context then passed that
> Context to another thread?
> 4. How does a client VM (separate from the EJBServer) get the
> SecuritySender, or does it even need one?
>
> Thanks again,
>
> John
Hi John,
You will find attached a description of how the security context is
propagated in JOnAS with Jeremie.
I hope it will help you.
Best regards,
--
Philippe
Philippe Coq Evidian Phone: (33) 04 76 29 78 49
Bull S.A - 1 rue de Provence - 38432 Echirolles Cedex France
Download our EJBServer at http://www.objectweb.org
jeremie-propagation-security.doc