Hello Everyone I'm working with an application that access secure EJBs through a unsecure servlet. To do this the servlet execute a ClientLoginModule before make the EJB calls (where a second (server) login module is executed based on the realm configured for the EJB).
Once made the first EJB call (and executed the server login module for the first time), the following calls (sent as new http requests) sometimes execute the server login module, sometimes not. My questions are: what is the mecanism used by JBoss to do this kind of "single-sign-on" and where I can find documentation about it? Can I control it (trigger or not the server login module when I wanted)? I've tested if the JBoss uses the HttpSession but I think it doesn't use (invalidating the http session is not sufficient to compel JBoss to execute again the server login module). I've read the development manual (version 3.0.5) and didn't find anything about this in the security chapter. One thing that I've noticed is that if I make a second ClientLoginModule with a diferent password the server login module is triggered. I'm using JBoss version 3.0.4 Best Wishes Antonio Carlos View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3845061#3845061 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3845061 ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
