This is why I chose tokenized security instead of JAAS, which I view as a work in progress. You can pass a user session token as a simple parameter to any EJB method from any Java client. With one line of code, your EJB method can validate that the user has access to the business method. The line of code will throw an AccessDenied exception if the user does not have access, which your client framework can handle in a standardized way. No container context is required for tokenized security. Indeed, it is even J2EE vendor independent, so your WebSphere clients can call JBoss EJBs.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3835113#3835113 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3835113 ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user