Hello,
I'm trying to find out, how does JAAS integrates with
J2EE. Suppose our J2EE container maintains keystore for X.509 certificates. On client side (which is either Web or
Java app based) we initialize JAAS LoginContext and initiate user authentication. As I understand, authentication request is passed to our J2EE container. After successful authentication client side may proceed by looking up for EJB's etc. And I'm not sure, when does authenticated Subject with Principals are passed to J2EE? Should I always use doAs() in order to supply authentication info with J2EE request (ex. EJB call)?