Why not make a session bean that enforces A&A, and have it delegate to the rest of your EJBs? Only make this one session bean public, and enforce that all interaction with the server from your application go through this session bean - basically a Session Facade pattern that also enforces A&A.
Write once, run anywhere, because there's nowhere to hide! - /. A.C.
Joined: May 07, 2003
Seems there's not much choice... similar to what you suggested...

1. URLConnection to the login URL and save the jsessionid upon successful login
2. URLConnection with the jsessionid to my own EJB proxy URL, which forwards to the relevant EJB and does the job

The constraint is mainly the A&A part; it's a component and we have to POST to the URL...
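
The two-step flow described in the post above (log in, keep the jsessionid, then call the proxy URL with it), as an added example that is not part of the original thread or anyone's posted code. The `/login` and `/ejbproxy` paths, the form fields and the cookie value are assumptions, and a constructed local stub stands in for the server.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.OutputStream;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
// Added illustration; /login, /ejbproxy, form fields and cookie value are constructed.
public class SessionProxyClient {
    // Return the "JSESSIONID=..." pair from the login response, or null if none was issued.
    static String sessionCookie(HttpURLConnection c) {
        for (Map.Entry<String, List<String>> e : c.getHeaderFields().entrySet()) {
            if (!"Set-Cookie".equalsIgnoreCase(e.getKey())) continue; // header names vary in case
            for (String h : e.getValue()) {
                String pair = h.split(";", 2)[0].trim();   // drop Path, HttpOnly, ...
                if (pair.startsWith("JSESSIONID=")) return pair;
            }
        }
        return null;
    }
    // POST a form body, optionally presenting the session cookie obtained at login.
    static HttpURLConnection post(String url, String body, String cookie) throws Exception {
        HttpURLConnection c = (HttpURLConnection) URI.create(url).toURL().openConnection();
        c.setInstanceFollowRedirects(false); // never replay the request to a redirect target
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        if (cookie != null) c.setRequestProperty("Cookie", cookie);
        try (OutputStream out = c.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
        return c;
    }

    public static void main(String[] args) throws Exception {
        // Constructed local stand-in for the server so the example runs offline;
        // against a real server use https:// so credentials and session id stay encrypted.
        HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        s.createContext("/login", x -> {
            x.getResponseHeaders().add("Set-Cookie", "JSESSIONID=constructed123; Path=/; HttpOnly");
            x.sendResponseHeaders(200, -1); x.close(); });
        s.createContext("/ejbproxy", x -> {
            boolean ok = "JSESSIONID=constructed123".equals(x.getRequestHeaders().getFirst("Cookie"));
            x.sendResponseHeaders(ok ? 200 : 403, -1); x.close(); });
        s.start();
        String base = "http://127.0.0.1:" + s.getAddress().getPort();
        String cookie = sessionCookie(post(base + "/login", "user=demo&pass=demo", null));
        if (cookie == null) throw new IllegalStateException("login issued no session");
        System.out.println("with session:    " + post(base + "/ejbproxy", "op=ping", cookie).getResponseCode());
        System.out.println("without session: " + post(base + "/ejbproxy", "op=ping", null).getResponseCode());
        s.stop(0);
    }
}
```

The second proxy call omits the cookie to show the server side rejecting a request that did not pass through login, which is the property the facade or proxy has to enforce on every call.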