In JBoss 4.0 and J2EE 1.4. Stateless Session EJBs can be exposed as web services. You can propagate principal and credentials using basic auth, but the spec really doesn't specify security semantics.
Security isn't difficult to write as an aspect, but what is difficult is plugging in how the client propagates the message. You could specify JAX-RPC handlers on the client and server side to add to the SOAP envelope and propagate security. Bill View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3847885#3847885 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3847885 ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development