Roll, The first thing to release is that, once you apply security, ALL EJB method calls must be accompanied by principal and credentials. Your client (assuming that it is a heavy client) has to store principal and credentials in the client context and supply these with every call.
You could write an unsecured module that tests and validates credentials independently but it doesn't gain you very much. It's simpler to have an empty method on a session bean which is called to test principal and credentials from the login screen as soon as the user has entered them. I can dig out some sample code if this is of interest. James View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841870#3841870 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3841870 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
