I have EJBs on my server that users of the account will be accessing through a stand-alone Swing application. The first time the software starts, it'll ask the user for an account ID and password (which I believe are represented by the security principal and credentials respectively). From then on, the software should access a stateless EJB using authentication information. I don't have any trouble accessing the stateless EJB, but the biggest part I'm confused about is how I communicate the security principal and password to the server. Where do I set properties in the stand-alone client code?
[...]
I feel extremely lost and confused with the entire authentication concept of Java EE 5! Authorisation has lots of details written about it - using annotations or deployment descriptors to limit the execution of methods to certain roles. There's even pretty good documentation on how to add users to the system via the admin web interface. The only concept that I can't find a single article or example of is making use of it all!
In my mind, it's the simplest of concepts: Joe has an account ID and password. He only has access to one object on the server, which is referenced from the entity persistence database using his account ID. At the moment, it feels like I would have been better off writing this part of the system manually. Whatever happened to KISS?
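As an added example (not code from the question or from any answer on this page), the two places a stand-alone Swing client normally hands the account ID and password to the server are shown below: a JAAS LoginContext driven by a CallbackHandler, and the standard Context.SECURITY_PRINCIPAL / Context.SECURITY_CREDENTIALS keys in the JNDI environment used to look up the stateless bean. The JAAS configuration entry name "swing-client", the JNDI name "ejb/AccountService", and the InitialContextFactory class and provider URL are assumptions; the real values, and whether the server honours the JNDI keys or requires its own client login module, depend on the application server.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**
 * Feeds the account ID and password collected by the Swing login dialog
 * (JPasswordField.getPassword() already returns a char[]) to whatever JAAS
 * login module the client-side configuration names.
 */
final class AccountCallbackHandler implements CallbackHandler {
    private final String accountId;
    private final char[] password;   // kept as char[] so it can be zeroed after use

    AccountCallbackHandler(String accountId, char[] password) {
        this.accountId = accountId;
        this.password = password.clone();
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(accountId);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password);
            } else {
                throw new UnsupportedCallbackException(cb, "Callback type not supported");
            }
        }
    }

    /** Wipe the copy of the password once the login attempt is over. */
    void clear() {
        Arrays.fill(password, '\0');
    }
}

public final class EjbClientLogin {
    // Hypothetical names: the JAAS entry must exist in the client's login
    // configuration (-Djava.security.auth.login.config=...) and the JNDI name
    // must match how the stateless bean is deployed on the server.
    private static final String JAAS_ENTRY = "swing-client";
    private static final String EJB_JNDI_NAME = "ejb/AccountService";

    /**
     * Option 1: authenticate through JAAS on the client. The server vendor's
     * client-side login module is what actually attaches the resulting
     * Subject to outgoing EJB calls; a LoginException means the server
     * rejected the account ID / password pair.
     */
    public static LoginContext loginWithJaas(String accountId, char[] password) throws LoginException {
        AccountCallbackHandler handler = new AccountCallbackHandler(accountId, password);
        try {
            LoginContext lc = new LoginContext(JAAS_ENTRY, handler);
            lc.login();                      // server-side check happens here
            return lc;                       // call lc.logout() when the app exits
        } finally {
            handler.clear();
        }
    }

    /**
     * Option 2: pass the principal and credentials as JNDI environment
     * properties. The keys are standard javax.naming.Context constants; the
     * factory class and provider URL are server-specific and passed in here.
     * Note that SECURITY_CREDENTIALS takes a String, which cannot be zeroed.
     */
    public static Object lookupWithJndiCredentials(String accountId, char[] password,
                                                   String factoryClass, String providerUrl)
            throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, factoryClass);
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_PRINCIPAL, accountId);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        Context ctx = new InitialContext(env);
        try {
            return ctx.lookup(EJB_JNDI_NAME);   // cast to the bean's remote interface
        } finally {
            ctx.close();
        }
    }
}
```

Whichever option the server supports, the password crosses the network with every login, so the client-to-server transport (RMI-IIOP by default) should be configured for SSL before this is used outside a test environment; otherwise the account ID and password are readable on the wire.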
Does your JAAS login module reside on the app server, or do you do authentication on the client?