I have an EJB client that's using JAAS to connect to an EJB in WebLogic. It seems to work fine. The client connects fine, provided I set up the right username/password. If I use an incorrect username/password, I get a 'javax.security.auth.login.LoginException' exception as expected. The problem is that the client is also able to connect to the EJB without using any authentication at all. It's like a speak-easy that can be accessed by either saying the password or keeping quiet. I am running the WebLogic server with the -Djava.security.auth.login.config=security.config system property set. How do I force the server to accept only authenticated requests?