-
1. Re: Servlet run-as
nparab Apr 23, 2003 12:57 PM (in response to glum)Just posting a copy in this forum, in case you didn't read my reply in the other forum.
=====================================================
glum,
I might have found a solution for you. Instead of using 'run-as role', you manually login to the ejb security layer from your servlet using a user-id and password which belong to that role.
This article will clarify:
http://www.luminis.nl/publications/websecurity.html
You could use the ClientLoginModule (described in the article) from your servlet to log in to the ejb security layer. Since your servlet is unsecured, you cannot get the user-id and password from the HttpSession as described in the article. Instead, you could use a fixed user-id and password, probably passed as init-parameters to the servlet from web.xml. This user-id should have the role required for the ejb.
Let me know if this works for you.