i see, but if ssl is enabled, then the performance penalty will be great, but if not, this will be a big security loophole, is there any work around??
besides, how do glassfish inform appclient when user input incorrect password (will it use callback handler again?)
will it be possible a user to logout the appclient, without restarting the appclient and allow another user to login?
[Message sent by forum member 'unknown2' (unknown2)]
http://forums.java.net/jive/thread.jspa?messageID=268671