Scott, you are almost certainly right, but I am at a loss as to how to do what I need to do.
My webapp is a servlet and a set of html and jsp pages, all protected by JBoss security. If the user enters at the "top" of the site he runs the servlet and all is well. If he later uses his browser history or just remembers the url for one of the pages and enters directly in to the "middle" of the site, JBoss security protects the page and forces authentication, but the user gets to the page without running the servlet and his session info is not set. Gerry ----- Original Message ----- From: "Scott M Stark" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 27, 2001 11:19 PM Subject: Re: [JBoss-user] Login Module Question > Why is this necessary? This seems like a web container implementation detail > and JAAS login modules are about abstracting out authentication mechanisms. > If there is some session info that needs to be returned do it from the > secured > servlet or jsp page. > > ----- Original Message ----- > From: Gerry Duhig > To: [EMAIL PROTECTED] > Sent: Thursday, September 27, 2001 1:46 PM > Subject: [JBoss-user] Login Module Question > > > Hi! > > In a Custom Login Module, is it possible to communicate with the user? > > I have replaced a servlet by a custom Login module, but I need to write a > cookie or force a servlet to be run. > > Is this possible? > > Is it a stupid idea? It doesn't seem so! > > Gerry > > > _______________________________________________ > JBoss-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-user _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
