How to invoke a EJB with user and password to validate the invoking ?that is, unauthorization invoking EJB is not allowed.
have you looked at the security related annotations?