Hello I have a glassfish 3.1 project that uses application client to launch a netbeans platform application. This is fairly time-consuming to download and launch so I would like for different users to be able to login/logout of the client without having to close and relaunch it.
I am fairly new to ejb security so please forgive me if I am ignorant. I would like to use declarative security. However it seems that even though one may annotate ejb methods with permissions, the whole login/logout thing is coarse-grained and cannot be programmatically invoked.
So my question is whether there is a design pattern for this using the container managed security or should I implement my own security?