1 Reply Latest reply on Apr 9, 2003 3:31 PM by Peter Doornbosch

    Passing user security context from web to ejb

    Willie Vu Newbie

      I have a web app that authenticates users using servlet filter. This filter delegates authentication to another server. Once the delegate server authenticates a user successfully, the user is forwarded back to the original web app. This web app then presents information gathered from session beans. These session beans use container-managed security. Thus, the beans expect a valid and logged-in user.

      I have a limitation that I can't use container-managed security on the web server side. I have to rely on filter to do authentication.

      My question is, how do I login the user before calling methods in the session beans?