if the desktop application is a j2ee application client, what i get from the j2ee spec, it would automatically handle the authentication. how does this authentication mechanism stack up against JAAS or programatic approaches.
Don't get me started about those stupid light bulbs.