Thanks for replying. It doesn't quite fit my case because in my case, I don't have
the credentials (I just have a Tomcat Valve that extracts the user from a cookie and
passes that through without a password.) But I have got the authentication to work (the
invoker JNDIFactory is protected and it gets through that), the problem is that the
principal is not getting to the session bean. I can't even get to the session bean if
it is protected, and this connection rejection occurs before the marshalled invocation is
established in the InvokerServlet. I can't understand why JBOSS doesn't have an
answer to this, because one of the justifications for using HTTP tunneling is to establish
the user credentials.
Only protecting the JNDI interface is rather pointless from my point of view. I want to
use SSO from a java application using the cookie set up from the browser.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4048263#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...