I'm just starting in on a new project. I have been directed to create a SOAP service that will be consumed by a Portlet. The portal server is on a physically separate server from the JBoss EJB3/SOAP server.

What I want to do is to take the Authenticated Principal from the Portal and pass it back to the server running the SOAP services. How would I do this? I assume that JAAS plays a role and the secret is in a properly configured realm.

The documentation I have assumes the SOAP and Portal programs are on the same server... but these programs are on physically different servers. I can see this being a problem if I have to coordinate authentication between multiple SOAP servers which I know many shops must have to do. So, I figure there must be a straight forward solution that I'm not finding in the JBoss wiki, the JBoss text books I have, or the other training materials.

I'm trying to answer this security question before I start writing application code.

Thanks.