1. is this a trusted impersonation scenario?
that is, caller x calls an ejb, and the ejb will invoke another web service on behalf of its caller. the ejb container will attest for x, by signing the invocation originating from the ejb.
2. In other words, must the username be injected by the ejb, or is it sufficient for the name of the caller of the ejb to be propagated.
3. does the embedded client need to have access to the password of the "user"?
If the answers to the above three questions are: yes, yes, and no respectively; then
it may/should be possible for you to replace the cbh passed to the client auth module,
with a cbh that supports the namecallback by acquiring it from the current security context.
We will also discuss sedimenting this into GF, but we could help you do the above, in the mean time.
please answer the questions, and then we will see where that leads this,
thanks,
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=214489