If I am using an application client (J2SE java classes) to access EJB in another machine, how should I do authentication in the J2SE classes so that the EJB can tell which role the user is logged into and carry out all those security checking defined in the <method-persmission> tags?
Originally posted by Alec Lee: If I am using an application client (J2SE java classes) to access EJB in another machine, how should I do authentication in the J2SE classes so that the EJB can tell which role the user is logged into and carry out all those security checking defined in the <method-persmission> tags?
I dont know about JAAS and is just using ordinary java classes in J2SE to lookup a remote session bean through JNDI. So does it mean that if I want to propagate some security info to the remote session bean from my POJO, I must learn and use JAAS?
What do you have in that there bucket? It wouldn't be a tiny ad by any chance ...
a bit of art, as a gift, that will fit in a stocking