Wonder if someone knows some sort of design pattern for security in a system where Tomcat and Jboss are on different hosts (JVMs). My story is:

We setup Tomcat and Jboss on different hosts. Associated with the web content, we have certain roles/permissions setup. The dynamic part of those Web content is controlled by accessing EJBs within Jboss. Associated with the EJBs, we have certain roles/permissions setup. We have two approaches to solve the overall security issue (authentication & authorization) in mind.

1) Make Jboss trust our Tomcat 100%, so any access to EJBs are fully authorized. By doing this, security control is actually done in Web tier if the access is thru a browser.

2) Security control is done at EJB side. When user login thru Tomcat, tomcat delegate the authentication to the EJB side (of course we need write our own server-side login module).

The major issue with solution 2) is that we have to make sure EJB access permission is aligned with web content access permission. For example, if a button is enabled on a page, then the user must also have the permission to invoke EJBs asociated with that button. In a complex system, this would be an astonish task.

comments please.