Hi,

I have a web-app applying Struts running in JBoss and the embedded Tomcat.

I know that Struts, JBoss (EJB security proxy and other policy) and Tomcat can provide with mechanism to process authentication and authorization.

if a datasource pooling set up in JBoss, applying which one of these three ways is better to applied in term of flexibility?

another relatived question,

what's the JBoss EJB security for , if authentication and authoriztion have been proceeded ?

--
Thanks lots
John
Toronto