As we all know, in J2EE we can set ACLs on beans and their methods. And for that, the credentials and principals are to be supplied through the Hashtable environment for getting the naming context. Now the question is: how could we pass the credentials, and how can we maintain the credentials and password over the entire session so that the user can get the appropriate authorization in form-based authentication of a web-based application? How should we maintain the credentials over the session? Should we put that in the session? But is that secure?

One more point: if certificate-based authentication is being used, how do we use it for the realms?

