Hi,
there are two steps required to configure security:
a) on the server (through "login-config.xml" and security domains).
b) on the client (as the client security layer has to know how to perform login against
the server).
The client basically sends user and password to the server, and the server grants access
or denies it. The client knows whether he has to send user/password or a certificate (this
is configured by code and through "auth.conf"). But the client does NOT know how
the user/password login is handled on the server side.
Unfortunately, the term "LoginContext" appears on both sides, but these are
different things.
You might take a look at the EJB3 tutorial for a very simple sample (chapter 27):
http://www.jboss.org/file-access/default/members/jbossejb3/freezone/docs/...
Best regards
Wolfgang
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222316#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...