Hi, there are two steps required to configure security:
a) on the server (through "login-config.xml" and security domains). b) on the client (as the client security layer has to know how to perform login against the server). The client basically sends user and password to the server, and the server grants access or denies it. The client knows whether he has to send user/password or a certificate (this is configured by code and through "auth.conf"). But the client does NOT know how the user/password login is handled on the server side. Unfortunately, the term "LoginContext" appears on both sides, but these are different things. You might take a look at the EJB3 tutorial for a very simple sample (chapter 27): http://www.jboss.org/file-access/default/members/jbossejb3/freezone/docs/tutorial/1.0.4/html/Security_and_Transactions_in_EJB3.html Best regards Wolfgang View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222316#4222316 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222316 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user