Hi everybody,
I have implemented some web services residing in a war file deployed on my Tomcat. The web
services module is a client to some EJBs deployed on my JBoss. I need to log the user in
my realm on each WS request and log the user out before the WS response.
I have implemented security on web applications with JBoss and used JAAS realms
succesfully but what do I do in this case with Web Services? I mean the requests are
stateless. If I use the org.jboss.security.ClientLoginModule
won't this override the credentials of another user who is already logged in the
realm?
I have also implemented a standalone application which spawns a thread for each user
request and I am wondering about the same thing. This application is a service listening
for some kind of messages; on a message the application should log the user in the realm
before calling an EJB and log the user after the request is completed. So it's more or
less the same situation as above.
Is this possible? I mean logging many users in the same realm in one non-web application?
Any ideas?
Thank you in advance!!!
thoism
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4144211#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...