The subject of the http request is obtained from thread local of the
SecurityAssociation and added to the ejb request for propagation to the ejb container.
This is done by the SecurityInterceptor in the ejb proxy. There is no maintenance of the
Subject between requests. The caller is authenticated
Thanks for the bootstrap. I've looked around the classes involved and from what I
understand of the code
I noticed that during the overridden authenticate method on JBossSecurityMgrRealm the
Subject created by the LoginContext instance is stored in a SecurityAssociation
ThreadLocal instance
Look at the org.jboss.web.tomcat.security.JBossSecurityMgrRealm to see how it's done
with the embedded version.