Help: EJBs, WARs, and J2EE security


EJB design: Help: EJBs, WARs, and J2EE security

  1. Help: EJBs, WARs, and J2EE security (1 messages)

    I am some what new to J2EE. As I learn these technologies I find myself drawn to an architectural question.

    Can J2EE security be shared across various web applications (WAR files)?

    To elaborate: Have many different war files share the same security context. A single login and single security context that can be share across web applications(war files).

    Is this currently available under the J2EE spec. and I am misreading it? or Is there a hack or design that can facilitate this?

    By the way, I am using Weblogic5.1.0 sp8.

    Thanks for your help.
  2. Help: EJBs, WARs, and J2EE security[ Go to top ]

    Any number of web apps on the same container can share resources:

    "A servlet container is required to track authentication info at the container level and not at the web application level allowing a user who is authenticated against one web application to access any other resource managed by the container which is restricted to the same security identity."

    Section 11.6, Servlet 2.2 final specification.

    Jason Weiss
    Internet Application Division
    Sybase, Inc.