Well I've been running the secure EJB's with J2EE roles fine now, but like you say it only works for one thread and therefore the login information is lost after that HTTP request/thread dies.
I'm not sure where in chapter 8 is the container managed authentication that you describe? Do you mean securing my servlets by using the <security-constraint> element in web.xml? If so, how does this propagate to the EJB security? Would this mean doing away with using the ClientLoginModule and ServerLoginModules and using a Realm Implementation instead? Thanks again, I'm working on a very large app and trying to retrofit JBoss complient A/A so that we can use JBoss in the future! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3949589#3949589 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3949589 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
