I want the login information to be passed to my application using SSL, so that no one can spoof, which means that the login page will use SSL, whereas I would like the remaining application to be as it is ( ie no SSL).
The question is? what kind of challenges I have been looking for to implement this. Is this a matter of configuration with the existing jboss code or I will need to write a custom security login module in order to achieve this.
Please share your ideas, also, has anyone tried this.
you can specify SSL on a per EJB type by mapping an EJB, eg <ejb-name>, to a <container-name> element in jboss.xml. This <container-name> would then define the configuration of the container using SSL.