Hi,
thanks for the answer, but I am not sure this suits my needs (unless I misunderstand your posting).
I call pm.login(user, password) on the server side (from a stateful session bean), as I would like to avoid having any authentication logic on the client side. From reading some articles on the web I thought this would be possible. Moreover, I create the InitialContext to get the session bean with no args at all. This works, but after I logged in any subsequent calls to my session bean fail due to the absence of a valid principal. This results in a naming exception rooted in a "java.rmi.AccessException: CORBA NO_PERMISSION" exception, as these bean methods are all secured by @RolesAllowed statements.
Thus my question, is the SecurityContext not cached in a stateful session bean?
Thanks
[Message sent by forum member 'gnorph' (gnorph)]
http://forums.java.net/jive/thread.jspa?messageID=342213