I can confirm your troubles with JBoss 3.2.5 and Struts 1.2.4 - But I am not sure whose fault it is. The problem is very clear: JBoss forgets the user principal after the next http request.
I haven't found any way to resolve that issue except reauthentification for each action. I have written myself an (AspectJ) aspect for constant reauthentification: public aspect WebAuthentificationAspect | { | public pointcut authOperations ( HttpServletRequest request ) : | within ( de.prilmeier.mysabom.web.action.* ) && | ! within ( de.prilmeier.mysabom.web.action.LoginAction ) && | args ( *, *, request, * ) && | execution ( * execute ( .., HttpServletRequest, .. ) ); | | before ( HttpServletRequest request ) throws Exception : authOperations ( request ) | { | HttpSession session = request.getSession ( false ); | String password = ( String ) session.getAttribute ( Constants.PASSWORD_KEY ); | String userName = ( String ) session.getAttribute ( Constants.USER_NAME_KEY ); | | LoginCallbackHandler lch = new LoginCallbackHandler ( userName, password ); | LoginContext lc = new LoginContext ( "mysabom", lch ); | lc.login (); | } | } That's no good programming style, but it works. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3852646#3852646 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3852646 ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user