users@glassfish.java.net

Re: Custom login screen for application client

From: <glassfish_at_javadesktop.org>
Date: Thu, 10 Apr 2008 06:52:53 PDT

> If my class implements
> javax.security.auth.callback.CallbackHandler,
> can I assume that the GlassFish framework will encrypt
> the password during network transmission?

No, if you are accessing the EJB using RMI/IIOP, the password will always be included in clear text form in the IIOP layer messages. In order for the passwords to be protected on the wire you must configure the service to require SSL, and all the network traffic will be encrypted at the transport layer.

SSL is required by an EJB based on the configuration of its ior-security-config element in sun-ejb-jar.xml.
[Message sent by forum member 'monzillo' (monzillo)]

http://forums.java.net/jive/thread.jspa?messageID=268552
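
The following check is an added example, not part of the original message or of GlassFish: it parses a sun-ejb-jar.xml descriptor and reports beans whose ior-security-config does not set integrity and confidentiality to REQUIRED in transport-config. The bean names, the realm and the sample descriptor are constructed, and treating a bean with no ior-security-config element as a finding is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor template (bean names and realm are made up).
EJB = """<ejb><ejb-name>{name}</ejb-name><ior-security-config>
  <transport-config>
    <integrity>{level}</integrity>
    <confidentiality>{level}</confidentiality>
    <establish-trust-in-target>SUPPORTED</establish-trust-in-target>
    <establish-trust-in-client>NONE</establish-trust-in-client>
  </transport-config>
  <as-context>
    <auth-method>USERNAME_PASSWORD</auth-method>
    <realm>default</realm>
    <required>true</required>
  </as-context>
  <sas-context><caller-propagation>NONE</caller-propagation></sas-context>
</ior-security-config></ejb>"""

# SUPPORTED lets a client connect without SSL; REQUIRED refuses plain IIOP.
SAMPLE = ("<sun-ejb-jar><enterprise-beans>"
          + EJB.format(name="WeakBean", level="SUPPORTED")
          + EJB.format(name="HardenedBean", level="REQUIRED")
          + "<ejb><ejb-name>NoIorConfigBean</ejb-name></ejb>"
          + "</enterprise-beans></sun-ejb-jar>")


def beans_without_required_ssl(descriptor_xml):
    """Return {ejb-name: reason} for beans that do not force SSL on IIOP."""
    findings = {}
    root = ET.fromstring(descriptor_xml)
    for ejb in root.iter("ejb"):
        name = ejb.findtext("ejb-name", default="?").strip()
        ior = ejb.find("ior-security-config")
        if ior is None:
            # Assumption: no per-bean requirement stated counts as a finding.
            findings[name] = "no ior-security-config element"
            continue
        weak = [tag for tag in ("integrity", "confidentiality")
                if (ior.findtext("transport-config/" + tag) or "")
                .strip().upper() != "REQUIRED"]
        if weak:
            findings[name] = "not REQUIRED: " + ", ".join(weak)
    return findings


if __name__ == "__main__":
    for bean, reason in beans_without_required_ssl(SAMPLE).items():
        print(f"{bean}: {reason}")
```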