-
1. Re: Single Login
jwkaltz Apr 11, 2002 4:15 AM (in response to r_clegg1)It is an interesting question, I don't have a simple solution, but the most efficient way would probably to write your own security interceptor. This is described in the JBoss documentation, though I haven't tried it myself.
I guess what you need to achieve, instead of checking calls only on username/password credentials (which is what the default security layer does), is cache username/password/http-session-id in your security layer. -
2. Re: Single Login
jean.christophe Apr 12, 2002 10:53 AM (in response to r_clegg1)This question (or the issue of caching passwd+user)
seems to be recurrent (I post the same question
3 days ago, and have seen different questions
regarding caching changing passwd, etc)
may be we can try to find a clean common solution,
or to do a FAQ !
jc
! This is not the clean version at all !
Meanwhile, I thought to a 'hack solution' for the single login :
adding a random piece of junk (+maybe hostname+time!)
before the passwd well it is nasty but it will avoid
to call the cache version of the real password during
loggin phase I do not know if it can be implemented
in a web context (but this is not my case and you may be able to add the sessionid in this case ?) or if a MD5
version of the passwd is encoded ?