Hi,
After following the examples from the previous mails, I am able to turn on the
JAAS module. As far as I tested on the client application, everything works properly.
The exception was thrown when I try to call the method from the unauthenticated or
unauthorized client.
But when I tested it from the unauthenticated (unauthorized) jsp ( which
actually called the bean that wraps the ejb's methods), no exception was thrown. Why
ejb is not protected from web client? Currently, I am using EmbedTomcat w/ JBoss. Is
it because both Tomcat and JBoss run on the same VM, JBoss trusts Tomcat's calls and
never authorize them?
My second question is how to use JAAS on Tomcat's authentication and
authorization. I did my homework for this question though. I searched the Tomcat
mailing archive, and it seems to me that it will work in Tomcat 3.x.
However, I found out that someone can manage JAAS to work in Tomcat 4.x. That
brings me to my third question. Is there anyone try to integrate JBoss w/ Tomcat 4.x
yet? (I tried it myself, and it seems that EmbedTomcat would not work w/ Tomcat 4.x.)
Thanks,
Apichat
Get FREE Email/Voicemail with 15MB at Lycos Communications at http://comm.lycos.com
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
