Dear Kumar,
These are very bad news for me, I hope these behaviors are temporally only.
1, Instead when the EJB is invoked at that time the Credentials from the Subject are carried over to the server side and the Server tries to determine each time whether the user is valid by authenticating against your CTJDBCLoginModule.
Ans) Our LoginModule will calling the Realm and if authentication succeeded will building the list of groups into the subject which are will be used by the server for the role mappings.
It could be a long time depend on Realm kind, but how many the possibility of revoke the grand from a logged in user (is it big)?
2, No, unfortunately not. The kind of Session "Like" feeling you get on the client side from Login() to Logout() does not apply for the server.
Ans) If I do not develop a web application (where a session is) just a Swing or RCP ACC client with Bussiness Logic server what can I do? I must generate an entity as a fake session and always use an id in communication for it like a PHP form hidden sessionid?
Thanks, Attila.
[Message sent by forum member 'aszomor']
http://forums.java.net/jive/thread.jspa?messageID=473490