> Though I haven't tried yet, with the Jboss/Jetty
> integration I understand that users can authenticate
> against the JBoss realm to provide security to the
> web tier as well as on EJB methods. What I am
> wondering is, if my application is later deployed
> where JBoss and Jetty are on separate servers is this
> functionality still possible?
This is certainly possible, but i think you have to run Jetty in a JBoss container. This is needed in order to have the jboss-jetty integration code, that assures that the proper security context is used for EJB calls, based on the login credentials used for jetty login.
Note that JBoss is based on a small JMX server, so configuring it for running jetty only (ie. running the jetty MBean) must be easy.
Of course if you are using a login module like DatabaseLoginModule in jetty, you'd also have to make sure jetty can remotely access the database that contains the users/roles.
so if I run a Jetty/Jboss instance as a web server then the authentication should pass through to the Jboss instance on the remote server? how is this accomplished?
> so if I run a Jetty/Jboss instance as a web server
> then the authentication should pass through to the
> Jboss instance on the remote server? how is this
Yep, the security context - or actually, the security credentials username and password - or passed with each remote call.