Hello, I've come across a strange problem whith the JAAS authentication system.

I have enabled JAAS security in the http-invoker system by adding my security policy in the jboss-web.xml and updating web.xml to force authentication for all servlets. And this has all worked except that every time any servlet in http-invoker does an authentication it seems that the JAAS cache is not used and the request goes right through to my login module which is slow.

The actual EJB level authentications do seem to use the cache. It's just the web app authentication that skip over the cache.

Anyone have any ideas why this is happening? Is it a problem with the way Jetty does authentication?

Thanks

Oliver Hutchison