First of all, thank you very much for your answer.
Machine A:
- allows access to functionality based on the roles/groups the authenticated user is a member of.
- authentication (by a custom login module) places in the subject (besides other things) a custom principal which contains some user-specific information which was retrieved from the database and which is used in most of the EJB logic to implement a granular (not EJB-based) application-specific security system.
- the transport layer between A and B need not be secure.
Machine B hosts a rich application running in a servlet container. It uses servlets and communicates with the client side by its proprietary protocol.
I will have to check if I can get any one-client-per-thread guarantees.
Is there any solution that could be used when two or more users have to be concurrently authenticated in one thread?
[Message sent by forum member 'yansvanhorn']
http://forums.java.net/jive/thread.jspa?messageID=476866