Just a though: I have written more or less the same FormAuthValve you have for our apps ( since we don't use your SecurityAssociation object, we have our own Principal class).
I use too a threadlocal var to hold my loginexception in order to overcome the JAAS limitation, but in my implementation, I just put the populateSession() method in the forwardToErrorPage(), and not in :authenticate() and forwardtoLoginPage(). Doing so the use of notes to avoid doing the work several times is not required any more. - antonio View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4101687#4101687 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4101687 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user