[jboss-dev-forums] [PicketBox Development] - Re: LoginModule defined with cached=true, but called between web and ejb container

[Darran Lofthouse]

Darran Lofthouse [https://community.jboss.org/people/dlofthouse] created the discussion

"Re: LoginModule defined with cached=true, but called between web and ejb container"

To view the discussion, visit: https://community.jboss.org/message/649453#649453

--------------------------------------------------------------
The reason for the second call is that between the authentication in the web tier and the call to the EJB the username and password could have been set in code to run as a different authenticated user, the switch to use the SecurityDomainContext will cause thise second call to use the same cache as the first call so no second authentication will actually occur and the identity will remain the same - should a username and password  be set then the identity will be switched to the new identity, this is also implemented as a stack so as the call returns the state of the stack is restored to the state it was when the call arrived at the EJB.
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/649453#649453]

Start a new discussion in PicketBox Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2088]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120130/7ef2612e/attachment.html