If the Central Server EJB has to act as a service for an authentication realm
by receiving the username/password directly, then it should receive the user
requests directly (by specifying an as-context, realm etc) . For secure
communication, the secure IIOP port could be used. Instead, if the
intermediate web-servers are to receive and authenticate the users, the URLs
have to be protected in the web-container, specifying the auth-realm
configuration in web.xml. After authentication. the IDT would be sent to the
Central Server on setting the sas-context caller propogation element to
SUPPORTED in the glassfish-ejb-jar.xml. .The communication between the
webservers and the Central Server could be secured as well. Please see
http://blogs.sun.com/nithya/entry/secure_communication_between_web_app Thanks
Nithya
--
[Message sent by forum member 'nitkal']
View Post: http://forums.java.net/node/796678