My stumbling block at this point is how to pass the HTTP authentication info down to
the service object itself (the target object). My pluggable provider grabs it from the
HTTP headers, but once it locates and invokes the service, the info is lost. I don't
know of any way to hand off a security context to a web service :( I am trying to
avoid making username & password as parameters to every method on my web service.
Simply restricting access is not my goal, as the user's identity is a critical part of
my business logic.
- Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
