Hi, I'm developing a JAX-RPC service to let a remote application invoke a method on a server. I invoke the service on a secure (https) channel and verify user identity using JAAS authentication. Everything works fine, if the remote password matches, otherwise it looks that the client keeps on trying many times (or the server redirects, I don't know). I don't like this beahviour since due the security policies after 3 retries the user is disabled. I'd like only one attempt with the wrong password is made. The point is that I get the following errors. On the server: 12:13:10,016 ERROR [ROM] [_system_] com.bitaplus.bitastar.common.exception.InvalidPasswordException: Invalid password for user 'login' | at com.bitaplus.bitastar.business.util.CurveUserHelper.performValidateLogin(CurveUserHelper.java:141) | at com.bitaplus.bitastar.business.ejbs.implementations.StarAccessBean.validateLogin(StarAccessBean.java:66) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | ..... | | [***THIS IS REPEATED MANY TIMES***] | On the client: | 2007-05-09 12:13:10,491 [http-8080-Processor24] ERROR [ROM] [login] org.jboss.ws.metadata.wsdl.WSDLException: java.net.ProtocolException: Server redirected too many times (20) | at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.getDocument(WSDLDefinitionsFactory.java:198) | at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.parse(WSDLDefinitionsFactory.java:106) | at org.jboss.ws.metadata.ServiceMetaData.getWsdlDefinitions(ServiceMetaData.java:263) | at org.jboss.ws.deployment.JSR109ClientMetaDataBuilder.buildMetaData(JSR109ClientMetaDataBuilder.java:113) | at org.jboss.ws.deployment.JSR109ClientMetaDataBuilder.buildMetaData(JSR109ClientMetaDataBuilder.java:85) | at org.jboss.ws.jaxrpc.ServiceImpl.<init>(ServiceImpl.java:96) | at org.jboss.ws.jaxrpc.ServiceFactoryImpl.createService(ServiceFactoryImpl.java:158) | at org.jboss.ws.jaxrpc.ServiceFactoryImpl.createService(ServiceFactoryImpl.java:143) | [snip] | Caused by: java.net.ProtocolException: Server redirected too many times (20) | at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) | at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) | at java.net.URL.openStream(Unknown Source) | at org.jboss.ws.metadata.wsdl.WSDLDefinitionsFactory.getDocument(WSDLDefinitionsFactory.java:181) | ... 45 more | The client code: | // setting up the authenticator (BasicAuthenticator extends java.net.Authenticator) | BasicAuthenticator ba = new BasicAuthenticator(username, password); | Authenticator.setDefault(ba); | // setting a relaxed host verifier (to avoid too strict the server name checking) | HttpsURLConnection.setDefaultHostnameVerifier(new NiceVerifier()); | // get service | String urlstr = "https://cor319.cor-fs.com:8443/bitatraveller/TravellerSynchronizer"; | URL url = new URL(urlstr); | String ns = "https://ws.web.bitastar.bitaplus.com/"; | QName qname = new QName(ns, "TravellerSynchronizer"); | QName port = new QName(ns, "TravellerSynchronizerIfacePort"); | QName operation = new QName(ns, "synchronize"); | ServiceFactoryImpl sfi = new ServiceFactoryImpl(); | // read mapping file | File mapping = new File("mapping.xml"); | Service service = sfi.createService(url, qname, mapping.toURL()); | // call service | Call call = service.createCall(port, operation); | ClientCharacteristics cc = (ClientCharacteristics) call.invoke(new Object[] { characters }); | I don't want to bother you with all my configuration files (WSDL & mapping.xml) since I think they are correct, otherwise the service didn't work if the passwords match. There isn't any valve in the middle or elements which may perform redirections. Can you help me to configure the service so it only performs one login attempt, please? Alternatively, can you point me to the right resources? thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4044252#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...