0 Replies Latest reply on Oct 9, 2009 3:09 AM by Marc Ende

    Webservice-Security and containermanaged security using sso

    Marc Ende Newbie

      Hi,

      I'm currently working on a project where I have an ear with many beans (many of them are ejb2, some ejb3). The ejb3 have local-interfaces and they also act as webservice endpoints. These beans (the webservice-endpoints) are using container-managed security (jaas/@SecurityDomain).

      Then there are two other war's which are not incldued in the ear, mentioned above. These both also use container-managed security. The web-apps are accessing the business-logic using the webservice-endpoints.
      Now to my question:
      When I have logged in on Webapp A are the credentials automatically provided when accessing the webservice indirectly (SSO is configured for the whole Host.) or do I have to store the credentials in the session for reuse on all requests to the webserviceendpoints?

      Thanks for your help!

      Marc