> Hi Ron,
>
> Now that I have read docs & codes about jsr196 I'm
> back with some questions.
>
> - Is there a way to package a SAM in an ear? How?
Yes, but this is a little opposite of the 196 philosophy, which sought to preserve decoupling between the app and the underlying container security system (being extended by the SAM). Include it as a POJO in your ear. It will need to be on the application classpath. You can bind it to your app via a message-security-binding in sun-ejb-jar.xml (assuming you are OK with application coupling), or you can use a custom AuthConfigProvider to bind the SAM without changing your app.
> - How can I get the SSL client certificate (or its
> subjectDN) in a SAM?
If you can get the HttpServletRequest, you can find the SSL certificate stored in an attribute of the request (see the Servlet spec for details):
ServletRequest.getAttribute("javax.servlet.request.X509Certificate");
I am not sure if the HttpServletRequest is available to an EJB web service endpoint (but I think it is). Hopefully one of our JAX-WS security experts can help with this.
> - SAM execution is outside the transactional scope
> isn't it?
The SAM is invoked before the web service invocation and after it. If there is a transaction whose scope encapsulates the web service invocation, then the SAM will be invoked within the transaction.
Ron
>
> Thanks again.
>
> Paul
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=272945
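
The certificate lookup described in the reply above, sketched as a complete SAM. This is an added example, not code from the original message or from GlassFish. It assumes the JSR 196 servlet profile (the request message is an HttpServletRequest) and that the JSR 196 and Servlet APIs are on the classpath; the class name ClientCertSam is hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical SAM (assumption: servlet profile); authenticates the caller from the TLS client cert.
public class ClientCertSam implements ServerAuthModule {
    private CallbackHandler handler;
    public void initialize(MessagePolicy req, MessagePolicy resp, CallbackHandler h, Map options) {
        this.handler = h;
    }
    public Class[] getSupportedMessageTypes() {
        return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
    }
    public AuthStatus validateRequest(MessageInfo info, Subject client, Subject service)
            throws AuthException {
        Object msg = info.getRequestMessage();
        // Other profiles (e.g. SOAP) pass a different message type; refuse rather than guess.
        if (!(msg instanceof HttpServletRequest)) {
            throw new AuthException("request message is not an HttpServletRequest");
        }
        // Attribute name from the Servlet spec; present when the TLS handshake carried a client cert.
        X509Certificate[] chain = (X509Certificate[]) ((HttpServletRequest) msg)
                .getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            // Fail closed: no client certificate means no authenticated caller.
            ((HttpServletResponse) info.getResponseMessage()).setStatus(HttpServletResponse.SC_FORBIDDEN);
            return AuthStatus.SEND_FAILURE;
        }
        try { // chain[0] is the client's own certificate; its subject DN becomes the caller principal.
            handler.handle(new Callback[] {
                new CallerPrincipalCallback(client, chain[0].getSubjectX500Principal()) });
        } catch (Exception e) {
            throw (AuthException) new AuthException("caller principal callback failed").initCause(e);
        }
        return AuthStatus.SUCCESS;
    }
    public AuthStatus secureResponse(MessageInfo info, Subject service) { return AuthStatus.SEND_SUCCESS; }
    public void cleanSubject(MessageInfo info, Subject subject) { subject.getPrincipals().clear(); }
}
```

The attribute is only populated when the listener is configured to request or require client certificates, so the null check is the path taken on a plain TLS connection.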