Client ProgramaticLogin and Subject
I have a remote secure ejb deployed on GF 3.1.2, protected declarativly on a custom realm.
A ProgramaticLogin is made from a stand alone java client , the look up and invoking is working fine.
Is there a way to get the subject on the client side?
how secure is this Subject? can it be tampered by the Stand alone client(Say add more roles )? If so is there a way to Sign the subject in GF? , so it can verified on the server?
In general how this entire thing works?
Also if I have 2 different servers (stand alone) running in the same domain and have the same default security realm ,do I need to make 2 PL login calls from the client, one for each host?