IIRC you write a CallbackHandler that obtains the credentials from a source of your choosing (such as the client command line or a login dialog) and configure this in the application-client.xml (the spec dd, not the geronimo plan). You also need to configure a security realm in the app client that contains the org.apache.geronimo.openejb.OpenejbRemoteLoginModule configured to connect to the server. There might possibly be an example of how to do this in the geronimo testsuite in a client security test.
I don't think you want to configure the security info on how to log into the server in the app client configuration.... that would mean anyone who got the app client could log into the server with no further credentials. hope this helps david jencks On Apr 5, 2010, at 3:50 PM, Sarah.kho wrote: > > Hi > Can you please let me know when we have a secure ejb in the enterprise > application and the application client need to access that ejb, what happens > to the sending username and password to the server? > > how to configure the geronimo-application-client.xml for for security > checking? > > > thanks. > -- > View this message in context: > http://n3.nabble.com/application-client-and-secure-ejbs-how-do-we-determine-the-security-realm-tp698976p698976.html > Sent from the Users mailing list archive at Nabble.com.
