[jboss-user] [Security & JAAS/JBoss] - Re: LoginFilter vs. WebAuthenticator

clevelam do-not-reply at jboss.com
Wed Nov 19 15:22:14 EST 2008


I think I get the idea.    

There is something I'm missing about what's described above.  I'm assuming the Filter is called on every reguest.  When the 1st user who stores his credentials in the servlet context.. goes to the next resource in the app... wouldnt the check be done... and reject the user.

Also... we're are now saying only attempt to login a user... in the filter... the filter will no longer be used to logout... correct ?

Maybe if i store a session id as "logged in proof" in the servlet context.... I can check for that credential.. if it's there I know the users logged in so i can go to the next resource... otherwise I reject them.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190623#4190623

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190623



More information about the jboss-user mailing list