Hi!
I've created a simple login module based on org.jboss.security.auth.spi.UsernamePasswordLoginModule.
Also, created a new security domain:
[code]
<security-domain name="mydomain" cache-type="default">
<authentication>
<login-module code="com.test.MylLoginModule" flag="required"></login-module>
</authentication>
</security-domain>
[/code]
jboss-web.xml:
[code]
<jboss-web>
<context-root>myapp</context-root>
<security-domain>mydomain</security-domain>
<disable-audit>true</disable-audit>
</jboss-web>
[/code]
Authentication configuration in web.xml:
[code]
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
[/code]
All works fine, but if to login from several different places (computers), session sometimes seems "shared": login/logout in app running in one machine causes login/logout for the application running on another. In other words, two users trying to login using the same credentials, but from different places.
I was sure such authentication mechanizm works with browser session, isn't it?