Our requirement is pretty common, access secured ejb
from a (remote) client application and use JAAS for
authentication. We would like to keep everything
dependency free so I'm wanting to avoid using vendor
specific remote client login module.
However, I'm getting a little confused on how to do this
generically and could do with some guidance/pointers.
I had thought I could provide a normal LoginModule
to do our authentication, along with a ejb presenting
a login method that would perform the login for a
remote LoginModule locally on behalf of the remote
client and return the principals. Question is how will
the client present these when it performs the remote
invocation? Can I use an interceptor to and the
principles to the invocation context?
I assume this is a very common goal. Is this way
flawed, wrong or is there a simpler way.
Thanks for reading this,
||1/10/2007 11:41:54 PM