You can take a look at SRPLoginModule as an example of an authentication mechanism that involves multiple client/server exchanges. So the answer to your question is yes, it can be done. The real problem with this kind of implementation (based on RMI) is that it is either not really secure (as is the case with the current SRP implementation) or would be inefficient (compared to transport-level security) because you would have to add custom interceptors to encrypt/decrypt messages using the session key.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856359#3856359
