Hi,
I looked at your Client and Server Code and the questions that you seem to have are the following :
1. Why called the CTJDBCLoginModule when I called the EJB, why not just when I called the LoginContext.login or ProgrammaticLogin.login.
Ans.) LoginContext.login() and ProgrammaticLogin.login() are local calls on the Client VM and have no remote counterparts on the server. IOW, no message is sent to the Server for these calls. Instead when the EJB is invoked at that time the Credentials from the Subject are carried over to the server side and the Server tries to determine each time whether the user is valid by authenticating against your CTJDBCLoginModule.
2. I guessed that the EJBSession is alive from Login to Logut and the custom attributes of a CustomPrincipal are modifiabled and usabled in that time.
No, unfortunately not. The kind of Session "Like" feeling you get on the client side from Login() to Logout() does not apply for the server.
Thanks.
[Message sent by forum member 'kumarjayanti']
http://forums.java.net/jive/thread.jspa?messageID=473270