Maybe a stupid question.....

[Gerry Duhig <ge...@nectar.demon.co.uk>]

Hi!

We are prototyping a soap based application. There'll be a client accessing several EJBs (running under JBoss)  remotely using soap. You can tell from the vagueness that this is early days and we are just trying to determine the architecture.

I have read up on JBoss security and understand how to make an EJB app secure. I have even made a sample bean secure and stopped clients being able to get at it.

Now the question. Can I go back along the application path and say apply JBoss type security to the Soap Servlet? Will it be possible for the client to do authentication, effectively over Soap?

If this is nonsense please excuse the ignorance and explain - thanks!

Gerry