I'm using the April 8 release of Jboss 2.2/Tomcat 3.2.1. I'm attempting to write an app that will have a client portion, a servlet controller on Tomcat and be modeled with some session and entity beans in JBoss. I'm hung up on JAAS. I've sucessfully secured the servlet with HTTP Basic auth, but that has nothing to do with the EJBs. I am having a lot of various trouble getting into the ejb from the servlet. Ultimately I want the servlet to call ejbs. The servlet informs the user of security events (need login, can't do that, etc.) based solely on security in the beans. Can someone give me a push in the right direction? (Code appreciated) I'm expecting the the client app will pass in credentials using http headers in the same way a browser would. I'm thinking it's something like: Make LoginContext(what goes here) where does JNDI lookup java:/jaas/other fit in? Load Context with stuff from http auth headers if any. ContextVar.login() Try operations. Catch(SecurityException) inform user of problem. Flag "need login" if applicable. Thanks in advance. Darrin _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
