If I run the JAAS example (examples/security/jaas) that comes with
wl8.1 sp1 but use wlclient.jar instead of weblogic.jar, the
LoginContext.login() method returns a Subject even if I pass in an
invalid user/password combination. If weblogic.jar is in the
classpath, a javax.security.auth.login.LoginException is thrown which
is what I want to happen for invalid credentials. When running with
wlclient.jar, the code doesn't fail until it actually attempts to
access the EJB at which point it gets a org.omg.CORBA.NO_PERMISSION.

I am trying to use JAAS to login from a swing app and I want to use
wlclient.jar instead of weblogic.jar, but I need to be able to
determine whether the login was successful without waiting until I
access a secured EJB. Why does wlclient.jar behave differently than
weblogic.jar? How can I determine if my login worked if Weblogic is
going to return a Subject no matter what username/password I pass in?

Thanks, Hal