[jboss-user] [Security] - Webservice-Security and containermanaged security using sso

meme do-not-reply at jboss.com
Fri Oct 9 03:09:05 EDT 2009


I'm currently working on a project where I have an ear with many beans (many of them are ejb2, some ejb3). The ejb3 have local-interfaces and they also act as webservice endpoints. These beans (the webservice-endpoints) are using container-managed security (jaas/@SecurityDomain).

Then there are two other war's which are not incldued in the ear, mentioned above. These both also use container-managed security. The web-apps are accessing the business-logic using the webservice-endpoints. 
Now to my question:
When I have logged in on Webapp A are the credentials automatically provided when accessing the webservice indirectly (SSO is configured for the whole Host.) or do I have to store the credentials in the session for reuse on all requests to the webserviceendpoints?

Thanks for your help!


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259540#4259540

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4259540

More information about the jboss-user mailing list