i've read the following in Designing Enterprise Application with the J2EE Platform, Second Edition from The Javas series in the chapter about authentication and autorization:
"there is no way to authenticate to an EJB Container"
the book further elaborates on authenticating to a web-container. does this mean that authentication is not possible when using a swing client to connect the j2ee application ? maybe a stupid question, but a very important one for the application i'm developping.
Joined: Sep 29, 2002
What the author might mean is that EJB security is all about authorisation. When a user invokes an EJB method, he or she needs prior authentication.
Authentication is typically done on login, and you could use the Java Authentication and Authorization Service (JAAS) or the Java Secure Socket Extension (JSSE) to authenticate to the server.
SCJP 1.4, SCWCD 1.3, SCBCD 1.3
Joined: Aug 23, 2005
thank you for the quick response i'll look into JAAS now, i suppose JBoss fully supports the JAAS Api..