Instead of passing the session ID, you can configure the security domain to have the same user names and passwords as your web users, configure your web services to use basic auth, then pass the username and password as the HTTP headers. The wiki link that Thomas posted above explains it all. The trick is just to make sure that the usernames/passwords in your web tier match up with the usernames/passwords in your EJB tier.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3864687#3864687 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3864687 ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
