Hi, I have a remote secure ejb deployed on GF 3.1.2, protected declarativly
on a custom realm. A ProgramaticLogin is made from a stand alone java client
, the look up and invoking is working fine. Is there a way to get the subject
on the client side? how secure is this Subject? can it be tampered by the
Stand alone client(Say add more roles )? If so is there a way to Sign the
subject in GF? , so it can verified on the server? In general how this entire
thing works? Also if I have 2 different servers (stand alone) running in the
same domain and have the same default security realm ,do I need to make 2 PL
login calls from the client, one for each host? Thanks
--
[Message sent by forum member 'gfuser']
View Post: http://forums.java.net/node/892815