I use the form based authentication through the DatabaseServerLoginMoudle . But I want to know when the login succeed, where the login successful information and role information put so the web container can find and use? can these information be used in application? if so, what can do to use these information?
any help will be appreciated!
HttpServletRequest.getUserPrincipal() and isUserInRole() work for basic login information. Additional security context can be retrieved using the org.jboss.security.SecurityAssociation class (assuming you're running with integrated Tomcat).