It is unsecure WebApp.
I did not perform any security mechanism configuration for EJB on server side but for client side I found only example how to setup external JNDI lookup name. Unfortunately I see only example but no list of mechanisms.
Is it enough to set security mechanism as external JNDI property?
[Message sent by forum member 'dea' (dea)]
http://forums.java.net/jive/thread.jspa?messageID=336829