Since the web and the ejb layers are bound by the same security domain. subsequent auth requests(for the ejb calls) after the first successful auth to the web layer, go thru the cache that exists in the JaasSecurityManager. This is normal behavior. You will see auth requests going out to the JaasSecurityManagerService(Is this what you are concerned about?)
Every request on the serverside goes thru security. Thats the reason we have a timed cache for performance. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3931789#3931789 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3931789 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user