Hi,

I'm currently working on a project where I have an ear with many beans (many of them are ejb2, some ejb3). The ejb3 have local-interfaces and they also act as webservice endpoints. These beans (the webservice-endpoints) are using container-managed security (jaas/@SecurityDomain).

Then there are two other war's which are not incldued in the ear, mentioned above. These both also use container-managed security. The web-apps are accessing the business-logic using the webservice-endpoints.
Now to my question:
When I have logged in on Webapp A are the credentials automatically provided when accessing the webservice indirectly (SSO is configured for the whole Host.) or do I have to store the credentials in the session for reuse on all requests to the webserviceendpoints?

Thanks for your help!

Marc