Michael,
Would it be possible for you to show me your current realm and jaas configuration again? I have just tested this again using the latest code and can not reproduce repeated calls to the login module.
My realm definition is now: -
<security-realm name="ApplicationRealm">
<authentication>
<jaas name="other"/>
</authentication>
</security-realm>
And my domain defintiion is still: -
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmUsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
However I am running with slightly modified code to output a stack trace each and every time the module is called at the moment I am only seeing it called twice: -
1 - As the connection is authenticated.
2 - For the first EJB call.
Updating the connection authentication to ensure that it also uses the cache is the task I am currently working on so that will be reduced down to just a single call but there must be something else we are missing if you are still seeing multiple calls so I would like to make sure we understand that so that your scenario is covered.