Hello world,
I wonder what configuration or piece of code is doing a JAAS
authentication refresh while it's unnecessary and unwanted...
I have a web app running on JBoss 3.2.2/Tomcat 4.1. It uses form-based
authentication.
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>myRealm</realm-name>
  <form-login-config>
    <form-login-page>/authentication.jsp</form-login-page>
    <form-error-page>/authenticationFailed.jsp</form-error-page>
  </form-login-config>
</login-config>
BTW, the session is declared infinite in the web app:
<session-config>
  <session-timeout>-1</session-timeout>
</session-config>
The JSPs contain the j_security_check form, j_username, j_password...
The realm is defined for my web app in a jboss-web.xml:
<jboss-web>
  <security-domain>java:/jaas/MyRealm</security-domain>
</jboss-web>
And once it's authenticated, this realm (which extends
org.jboss.security.auth.spi.UsernamePasswordLoginModule) puts the
principal and relevant information in the session.
Should be OK. But after a few hours (5/6), something is calling my realm
in order to re-perform authentication whereas the session is still valid
(I guess) and user info, roles are still there. And it redirects the
users to the authentication JSP...
I had a look at JBoss things like AuthenticationCacheJndiName (set by
default to 1800s) and DefaultCacheResolution (set to 60s). I did not
change anything on this side. Anyway, these times don't match the time
I see for this forced re-authentication issue.
I know this may be more relevant to the JBoss forums, but maybe one of
you -clever people- can give me a clue.
Thx,