Yes, you have to handle this at the login module level, but this is not application-managed security, which cannot be used with CMP as the application is not the one obtaining the connection. It's container-managed security with the security context derived from the caller's context, and there should not be any username/password in the *-ds.xml (unless there is a meaningful default).
So if the connection credentials are simply those of the caller then use a security realm that uses the org.jboss.resource.security.CallerIdentityLoginModule login module. If you need the connection credentials to be some function of the caller identity, then create your own login module using the CallerIdentityLoginModule as a starting point.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3836505#3836505
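An added illustration of the setup described in the post above (not part of the original message): a security realm in `login-config.xml` using `CallerIdentityLoginModule`, and a `*-ds.xml` that references the realm instead of carrying credentials. The realm name, datasource name, driver and URL are hypothetical, and the element layout assumes JBoss 4.x-style descriptors.

```xml
<!-- conf/login-config.xml: realm that hands the caller's identity to the
     connection factory. "CallerIdentityDSRealm" is a hypothetical name. -->
<application-policy name="CallerIdentityDSRealm">
  <authentication>
    <login-module code="org.jboss.resource.security.CallerIdentityLoginModule"
                  flag="required">
      <!-- Must name the connection manager MBean of the datasource below;
           "ExampleDS" is a hypothetical datasource name. -->
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ExampleDS</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- deploy/example-ds.xml: no <user-name>/<password> elements, so no
     database credentials sit in the deployment descriptor. The container
     obtains them from the realm at connection time. -->
<datasources>
  <local-tx-datasource>
    <jndi-name>ExampleDS</jndi-name>
    <!-- Constructed sample URL and driver -->
    <connection-url>jdbc:oracle:thin:@dbhost.example:1521:ORCL</connection-url>
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
    <security-domain>CallerIdentityDSRealm</security-domain>
  </local-tx-datasource>
</datasources>
```

With this arrangement each caller needs a matching database account, and connections are pooled per identity, so pool sizing should be reviewed.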