This is my guess....When a Http Request is sent by the browser to a web based Jaas enabled application, the request is first intercepted by the container using j_security_check, j_user_name and j_password. Then it is jaas logged in and the HttpRequest is attached the Principal ...After that the request is passed on to the secured web app with the Request populated...However when you programatically login do you use j_security_check for the container to intercept ? I think not....Your request come directly to servlet where you use callback handlers to do jaas login...This helps to propogate your credentials to ejb container, where as web container is bypassed...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136058#4136058 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136058 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
