The ClientLoginModule (which is also used in the SecurityClient) is something like a "cache". If you're "login" using this
module, the credentials (username, password) are stored in memory. The real authentication against the server is done when
it's accessed the first time. I'm doing that in my projects shortly after your sec.login() method. So I can catch the LoginException and
react on it in my GUI for example.
OK, thanks. That is consistent with what I'm seeing. So, the EJBAccessException is expected when authenticating against a secured EJB with the wrong login credentials. The GUI app works properly, I just didn't expect to have to catch both exceptions.
Something is still wrong. I have removed the unauthenticatedIdentity option to ensure that I'm not accidentally using an unauthenticated identity. However, when trying to accessing the secured EJB on another server, the application no longer attempts to authenticate (I have security tracing on). I simply get an EJBAccessException (Invalid User) without any messages appearing in the server trace. Why won't my SecurityClient authenticate with the server?
OK, I have two related problems. I will close this thread since I am having trouble with a different issue.