I am using jaas security in our applicaiton. In our application both web and ejb tiers are in the same jvm. I am using Client Login and UserPassword Login module.
As i have read from jboss3.0 book, when we use the jboss client login module, It stores the user credential into the SecurityAssociation object and later when some method of secured ejb is invoked. The Jaas Security Manager uses the SecurityAssociation object to retrive information for this thread.
We are planning to run the application using Jboss clustered envirnoment. one machine will have the tomcat and jbossinstance in single vm and other machine will only have the jbossinstance. In this case if from the web tier if i use the client login module, then if because of clusinging if the ejb request is forward to jboss instance which is not in the same vm. then will the jboss be able to retrieve the Client credential.Is it possible.how the jboss security architecture works in the Clustered environment.
any help or information will be greatly appreciated.
Thanks for your help.