Hello, in my environment I have a servlet which act as an EJB Client. The servlet uses BASIC authentication. But the call to the EJB should use another principal. As far as I understand the servlet spec, <run-as> can be used to do such things. Here is a snippet from my web.xml file
<servlet> <servlet-name>EjbClientServlet</servlet-name> <display-name>EjbClientServlet</display-name> <servlet-class>examples.servlet.EjbClientServlet</servlet-class> <run-as> <role-name>tomcat</role-name> </run-as> </servlet> <servlet-mapping> <servlet-name>EjbClientServlet</servlet-name> <url-pattern>/EjbClientServlet</url-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>WRCollection</web-resource-name> <url-pattern>/EjbClientServlet</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Default</realm-name> </login-config> <ejb-ref> <ejb-ref-name>EjbCaller</ejb-ref-name> <ejb-ref-type>Session</ejb-ref-type> <home>examples.ejb.session.ejbCaller.EjbCallerHome</home> <remote>examples.ejb.session.ejbCaller.EjbCaller</remote> </ejb-ref> I don't understand how the mapping to the principal is made that is propagated to the EJB. I assume I have to configure something in the configuration files of tomcat. Unfortunately I could not find documentation about this. Any help is appreciated. Cheers Karin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]