    Reading through the J2EE spec, I found a section called Distributed Security (J2EE.3.3.5). It talks about a secure association being established between the web container and the EJB container to manage context. This, it sounds like, allows you to authenticate/authorize once and carry the resultant context to the EJB server for security validation. First, can anybody tell me how this works (lower level)? Second, can anybody tell me if this works in a system that uses WebLogic for EJB and Tomcat for JSP?

    If you don't know these answers, can you relate your experiences with integrating security and state management across Apache and WebLogic?


    I don't understand how that's possible. If you have multiple users and threads in your web container, you have to associate the security context with the thread before every EJB call.