This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I'm developing an application client that connects to EJBs in a remote Glassfish server. When the application invokes a remote, protected method of an EJB, my custom CallbackHandler appears to collect the user's credentials and send them back to the server.
The problem is that if the user introduces wrong credentials, next calls to a protected method don't invoke the CallbackHandler again, and a security exception is thrown.