I am trying to understand the security setting between ejb client and container.
In sun-ejb-jar.xml there is an attribute called <establish-trust-in-client>. Is it for client certificate authentication if its value is REQUIRED? But there is also another attribute <as-context>-<auth-method> which value can only be [username_password]. I am confused about these attributes.
Furthermore, there is a <ssl cert-nickname="s1as" ...> attribute in sun-acc.xml which can speicfy the certifiate that the client is using. Is it avaible for ejb client?
Any help is appreciated.
Cheers,
[Message sent by forum member 'jasonw41' (jasonw41)]
http://forums.java.net/jive/thread.jspa?messageID=286906