[jboss-user] [Security & JAAS/JBoss] - Re: LoginFilter vs. WebAuthenticator
clevelam
do-not-reply at jboss.com
Wed Nov 19 13:33:41 EST 2008
I don't have any EJBs.
Question regarding the filter approach. The examples that I have seen online do login call, chain.doFilter (to call next filter or resource), then logout.
The login / logout calls make database calls. This seems expensive to me to do login / logout on every resource call.
Additionally, I have a requirement to prevent multiple sessions for having access to the resources. Meaning I want to wait until person 1 is completely done with the app before I allow person 2 in.
To work this out.. is there a filter pattern that does not call logout everytime and store's login credentials somewhere ???
I chose the Webauthenticator because once authenticated all resources can be restricted in the web.xml and the authenticated user has access until he logs out. And no more login calls need to be made.
Please provide an example.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190599#4190599
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190599
More information about the jboss-user
mailing list