« Return to the main article
Hi
Just a remark..
Using getRemoteUser is not the right way to make a servlet secure "in a Domino way".
The servlet is running with the security rights of the server and not the security rights of the user.
The right way would be to:
- Use Corba to access the databases from the servlet - use SSO on the server - Use the LtpaToken to let the user log on in the servlet
In that way the servlet is running with the security rights of the user and not the server.
regards Jesper Kiaer http://www.activator.dk
Hi
Just a remark..
Using getRemoteUser is not the right way to make a servlet secure "in a Domino way".
The servlet is running with the security rights of the server and not the security rights of the user.
The right way would be to:
- Use Corba to access the databases from the servlet - use SSO on the server - Use the LtpaToken to let the user log on in the servlet
In that way the servlet is running with the security rights of the user and not the server.
regards Jesper Kiaer http://www.activator.dk