Hello world, I wonder what configuration or piece of code is doing a jaas authentication refresh while it's unecessary and unwanted... I have a web-app running on jboss 3.2.2/tomcat 4.1. It's form based authenticated.
<login-config> <auth-method>FORM</auth-method> <realm-name>myRealm</realm-name> <form-login-config> <form-login-page>/authentication.jsp</form-login-page> <form-error-page>/authenticationFailed.jsp</form-error-page> </form-login-config> </login-config> BTW, the session is declared in web infinite : <session-config> <session-timeout>-1</session-timeout> </session-config> The JSPs contains the j_security_check form, j_username, j_password... The realm is defined for my web in a jboss-web.xml : <jboss-web> <security-domain>java:/jaas/MyRealm</security-domain> </jboss-web> And once it's authenticated, this realm (that extends org.jboss.security.auth.spi.UsernamePasswordLoginModule) put in session the principal and relevant information. Shoud be Ok. But after few hours (5/6). Something is calling my realm in order to re-perform authentication whereas the session is still valid (i guess) and user info, roles are still there. And redirect the users to authentication JSP... I had a look on jboss things like AuthenticationCacheJndiName (set by default to 1800s) and DefautCacheResolution (set to 60s). I did not change anything on this side. Anyway these times don't match the time i face for this focres re-authentication issue. I known this may be more jboss forums relevant but maybe one of you -clever people- can give me a clue, Thx, --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]