I have a standalone application that uses EJB3 services provided by JBoss AS 4.2.0. To guarantee the confidentiality of authentication, I'm investigating the SRPLogin module.
In the JBoss configuration guide, chapter 8, it is written:
The org.jboss.security.srp SRPVerifierStoreService is an example MBean
service that binds an implementation of the SRPVerifierStore interface that uses a file of
serialized objects as the persistent store. Although not realistic for a production environment, it
does allow for testing of the SRP protocol and provides an example of the requirements for an
What may be more realistic for a production environment?