I have system that consists of thin client (WEB), rich client (GUI) and J2EE service. I need to secure authentication and authorization process. In a thin client I can use SSL. But what about rich client?
SSL can be used with the detached invokers to talk to ejbs or other server side components. See the security chapter in the online admin/devel guide.