I tell a lie, you can't get access to the users session easily from a realm's authenticate method.
Perhaps I could write a valve that looks at the request and looks up the realm the user belongs to. I could then cache the subjects in the realm and run the rest of the pipeline using doAs(subject, xxxx). This seems awfully low level but I can't see another way. Can anyone suggest an alternative ? Surely this problem has been encountered before. On Thu, 2003-02-06 at 15:43, Peter Kelley wrote: > I have set up form based authentication for Tomcat 4.1.18 using the > JAASRealm and I am using it to connect to a remote JBoss server. > Whenever a new user logs in all of the sessions of the existing users > take on the identity of the new user on the EJB server. > > It appears as if something needs to be done to associate the JAAS > subject with the current thread every time a request comes in. I can > cache the subject in the session but I'm not sure how to go about doing > the association. > > Any ideas ? -- Peter Kelley <[EMAIL PROTECTED]> Moveit Pty Ltd --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]