I think I get the idea. There is something I'm missing about what's described above. I'm assuming the Filter is called on every reguest. When the 1st user who stores his credentials in the servlet context.. goes to the next resource in the app... wouldnt the check be done... and reject the user.
Also... we're are now saying only attempt to login a user... in the filter... the filter will no longer be used to logout... correct ? Maybe if i store a session id as "logged in proof" in the servlet context.... I can check for that credential.. if it's there I know the users logged in so i can go to the next resource... otherwise I reject them. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190623#4190623 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190623 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user