[jboss-user] [Security & JAAS/JBoss] - WebAuthentication only authenticates for a single request?
Plukh
do-not-reply at jboss.com
Mon May 25 11:16:46 EDT 2009
I'm trying to implement programmatic Web login on JBoss 5.0.1 GA. After I made my custom login module working, I ran into the following issue. When I log the user in (by using WebAuthentication.login()), all user-related methods (such as getRemoteUser and isUserInRole) work correctly. On next request, however, it seems like the association is lost - getUserPrincipal/getRemoteUser return null, etc.
I know that with form-based auth, once security check is triggered and user is logged in, it remains logged-in until the session expires. Why isn't that so with programmatic login? Is this something I'm doing wrong on my end, or is that how WebAuthentication is supposed to work?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4233075#4233075
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4233075
More information about the jboss-user
mailing list