Hi Wolf,
I would appreciate the example. This is a major rewrite in our application of what has been working for the past 8 years. A bit troublesome is that EJB authentication on the server side does work with the ClientLoginModule.
With 7.x, there is now a big difference on how local vs remote ejb's are invoked. In local mode, security context can be propogated using ClientLoginModule. Unlike remote calls. EJB invocations should be consistent and they now feel worlds apart. While all the optimizations in the remoting layer are appreciated, taking away thread-set-credentials in remote calls will undeniably cause a lot of headaches for developers. Just my 2 cents.
Tarek