Hi All, Can anyone point me out to some guidelines about how to handle user authorization, when requesting an ejb. For know all I could find is that this topic isn't part of the starndard ejb specs, so that every ejb server supplier can implement there own authorization api's. One of the things I like to prevent is prefenting from some bogus client to request EJB's from my ejb server, whithout being verified. That is why placing authorization logic in my servlet's doesn't seem the right place to me. Should I write some entity bean, which can be accessed by all other beans to verify a user ?? Or is it better to use a SessionBean, accessing the database to verify a user ?? Does anybody have experience on this topic or can anyone give me some guidelines. Any help would certainly be appreciated. Thanks in advance, Raymond Domingo
begin:vcard n:Domingo;Raymond tel;fax:074 250 15 09 tel;work:074 250 60 00 x-mozilla-html:FALSE adr:;;;;;; version:2.1 email;internet:[EMAIL PROTECTED] fn:Raymond Domingo end:vcard
