I have an application which is using ClientLoginModule for the LoginContext's login module. I've created a callback handler for use with the LoginContext. On the server I've setup to use the DatabaseServerLoginModule.
I do realize when using the ClientLoginModule, the login method does not actually log you into the AppServer. When I get the interface to the bean the AppServer then uses the information set in the LoginContext to authenticate the user. Now If I set the username and password to a valid user everything works fine. My brain cramp is what to do when the login information is not valid.
In that case I get a RemoteException trying to create the interface which has nested in it a ServerException, and an EJBException. Am I supposed to keep looping through this code calling the login method to reset the credentials? How should I handle the cases, in my application, where the user does not have persmission to execute a method on an EJB?
Is there something else I'm missing? Am I supposed to be using ClientLoginModule or something else? It seems that all the examples I see catch the LoginException.
Thanks in advance for any insight,
Its up to you. I don't know what makes sense for your app. Maybe a SecurityException should trigger the display of a login module asking for a valid user, maybe you should be just displaying an error dialog, maybe you app should be actually verifying that the user has some degree of validity by adding a login module which actually does some authentication.