I solved the problem myself. I used the policy "client-login", and it works. It seems ClientLoginModule is the way to propagate the security context. Hope it could be helpful for people having a similar problem.
By the way, this security forum seems to be really inactive.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842445#3842445
