Hi Matthew, One thing to possible consider in your scenario is to use HTTPS with Client Certificates. The security will be in the HTTP transport layer rather than in the app.
Not Yet Commons SSL implements a nice client side solution that works with xfire. Setting up a tomcat connector to use HTTPS and client certs is relatively straight forward. If you want to go crazy, you can front your app with Apache and use Mod JK to handle all the certificate validation for you. Let me know if you are interested in more details. Cheers, Yogesh PS. I am working up some documentation (as we speak) on the java side of things here: http://www.wijiscommons.org/gjxdm_example/java/java.html Beware that it might change as I finish it up. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
