JBoss 3.2.5 - Persistent Sessions and JAAS Integrated securi

bryanfeld Jul 30, 2004 9:08 AM

I am using JBoss 3.2.5 with Tomcat 5. I am using integrated container-managed security, by way of a DatabaseServerLoginModule. Tomcat serves this by way of FORM-based security.

When Tomcat 5 persists sessions (e.g. when I re-deploy an EAR file), it appears that everyone's security credentials are lost (e.g. not persisted/reloaded). However, the rest of their "session attributes" are correctly persisted and reloaded. They get sent back to the FORM-based login page, and after logging in, their session is back where it was.

The desired functionality however, is for Tomcat to persist the security credentials too, so that users never experience any hiccup at all.

Can someone please tell me what I'm doing wrong?

1. Re: JBoss 3.2.5 - Persistent Sessions and JAAS Integrated se

stueccles Jul 30, 2004 9:26 AM (in response to bryanfeld)
I can only imagine its a problem because Tomcat stores the credentials after authentication using the internal catalina session.

session.setNote()

rather than the HttpSession. Its possible these session values dont get restored by JBoss.
Actions