Darran Lofthouse [
https://community.jboss.org/people/dlofthouse] created the discussion
"Re: LoginModule defined with cached=true, but called between web and ejb
container"
To view the discussion, visit:
https://community.jboss.org/message/649453#649453
--------------------------------------------------------------
The reason for the second call is that between the authentication in the web tier and the
call to the EJB the username and password could have been set in code to run as a
different authenticated user, the switch to use the SecurityDomainContext will cause thise
second call to use the same cache as the first call so no second authentication will
actually occur and the identity will remain the same - should a username and password be
set then the identity will be switched to the new identity, this is also implemented as a
stack so as the call returns the state of the stack is restored to the state it was when
the call arrived at the EJB.
--------------------------------------------------------------
Reply to this message by going to Community
[
https://community.jboss.org/message/649453#649453]
Start a new discussion in PicketBox Development at Community
[
https://community.jboss.org/choose-container!input.jspa?contentType=1&...]