[jboss-user] [Security & JAAS/JBoss] - Re: Can't get access right from Java Client

[jmcollin92]

Thank's for your reply.
But is it not possible to have the authentication done by the server using its login configuration ?

What's the use of having a security declaration server side if a client can authenticate itself and then make any calls he wants server side ?

There is really something I don't understand, I guess...

My needs are :
1. a client calls a log in service server side passing a login and a password to the server,
2. the server authenticate the user, store the roles of the user in the context,
3. the authenticated client calls a secured EJB.

Like it is done by a webapp accessing a secured EJB.

Is it not possible ?



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3976156#3976156

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3976156