This content has been marked as final.
Show 3 replies
-
1. Re: how is principal cached for subsequent accesses to web a
martin0 Feb 26, 2004 3:35 AM (in response to martin0)I can confirm JaasSecurityManager settings:
AuthenticationCacheJndiName java:/timedCacheFactory
DefaultCacheTimeout 1800
DefaultCacheResolution 60
Martin -
2. Re: how is principal cached for subsequent accesses to web a
martin0 Feb 26, 2004 7:13 AM (in response to martin0)Looking at the JavaWorld JAAS paper again, I see that subsequent web calls *don't* use the principal object, leading me to think I have to cache the principal in HTTPSession, and using it appropriately there after.
This assumes I can run some servlet/jsp code before the restricted stuff that requires the principal.
Martin -
3. Re: how is principal cached for subsequent accesses to web a
martin0 Feb 27, 2004 2:32 PM (in response to martin0)Working now - syntax of security-constraint/web-resource-collection/url-pattern was more limited than I appreciated.
Servlet container caches auth details.
Martin