Hi anil.saldhana
since the ejb tier is on a different box than the web tier, I thought that
conceptually, I would need to configure the ejb tier to trust the security info
coming in from a specific web tier box (otherwise, it may be possible to fake
the principal and get in without authentication.)
anyways, I tested this configuration using form base authentication at the
web tier level and then invoking an ejb on a different box. I invoked a method
that doesn't require any authorization and that works fine (initial context
plumbing working). When I tried a method requiring authorization, got an
exception saying that there is insufficient permission and that the
principal=null. Am I missing something?
thx
Robert
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4093677#4093677
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4093677
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
