hsaha, What should happen (if your web app is session based) is the user is authenticated once in your servlet container. This should occur when user attempts to access a secured url the first time. After this first authentication, the user should not have to authenticate to the servlet container again. As long as the session is the same.
In the EJB container, every request to access a secured EJB must be authenticated. But, the first time a request is authenticated in a JBoss security domain, the username and credential is cached. Then next (and subsequent) request from same principal (i.e. username) are checked to see if credential matchs the cached credential. Thus you should have one JAAS login for your servlet container, and one JAAS login for your EJB container. Any more, indicates yoy may have something configured incorrectly. Unless, of course, that is what you want. hope this helps, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3931585#3931585 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3931585 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
