Hi all,

I'm using jboss3.0.0-tomcat4.0.3 to test my j2ee application, and I have the following problem:

I have an EAR deployed with a couple of web-apps. In both web-apps I have security constraints, so I have the jboss-web.xml descriptor for each of the web-apps, pointing to the security domain I use. Both web-apps expect the same
roles for the security constraints.

The problem is that one web-app redirects to the other, and although I have logged in the first one, the second web-app asks me to log in again. I expected that the second web-app would notice that the user is already in that role but it doesn't.

I suppose a solution would be to join the web-apps in one, but I would like them to be separate.

I don't know if this a specification issue, a configuration error or a bug. Can anyone tell me?

Thanks.
Ferran