From: Zerbe John W
> We are currently experimenting with WebSphere 1.1 on OS/390 and will be
> installing 1.2 soon.
> 1.1 runs inside the webserver. This means that if you have the basic
> authentication turned on in the web server,
> the Java servlet request threads run with the authorization associated with
> the mainframe userid that you logged on to the web server with.

John, I don't believe this is exactly true.

If you protect a page and specify basic authentication, the remote user name
used in authentication is accessible (via
HttpServletRequest.getRemoteUser()) but this is not necessarily a mainframe
userid.

Also at the operating system level the effective userid for the thread is
usually (barring odd configurations) the same as all the other threads in
the web server, not the mainframe userid for the remote user.  This is very
relevant if the thread in turn calls JNI, as the effective userid within the
JNI call is also the common web server userid.

All of which makes life just a bit more interesting... :).

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
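
Added example, not part of the original message or of any WebSphere code: a servlet that keeps the two identities discussed above apart and bases its authorization decision on the web-authenticated name only. The class name, the allow-list and its entries are hypothetical; it assumes the `javax.servlet` API on the classpath, a container with basic authentication enabled for the servlet's URL, and that the `user.name` system property approximates the common web server userid.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the name, allow-list and guarded step are illustrative.
public class IdentityCheckServlet extends HttpServlet {

    // Constructed sample allow-list of web-authenticated names that may
    // reach the guarded operation.
    private static final Set<String> ALLOWED = Set.of("alice", "bob");

    // Decide on the authenticated web identity only. The process identity is
    // shared by every request thread, so it says nothing about the caller.
    static boolean mayInvoke(String remoteUser) {
        return remoteUser != null && ALLOWED.contains(remoteUser);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Name supplied during HTTP authentication; null when the resource
        // is not protected. Not necessarily an operating system userid.
        String remoteUser = req.getRemoteUser();

        // Account the JVM was started under (assumption: this stands in for
        // the common web server userid that a JNI call would also run as).
        String processUser = System.getProperty("user.name");

        if (!mayInvoke(remoteUser)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("authenticated as: " + remoteUser);
        out.println("server threads run as: " + processUser);
        // Any file access or JNI call made from here executes as processUser.
        // The operating system does not distinguish callers, so the
        // mayInvoke() check above is what enforces per-user access.
    }
}
```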
