To my knowledge NameCallback and PasswordCallback are not cached. What is cached is Principal for the duration of the HttpSession.
In my login module the scope of the Callback is within the public boolean login() throws LoginException so that would negate any chance of caching Also in the public void initialize(Subject subject, CallbackHandler callbackHandler, | Map sharedState, Map options) method try to pass the security tokens in the sharedState Map if call backs are insufficient for your purpose. I used this sharedStateMap to pass information between login modules. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4117415#4117415 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4117415 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user