This content has been marked as final.
Show 2 replies
-
1. Re: JAAS Security
shady Jan 14, 2005 12:21 PM (in response to sbuster)I am very interested in this too. I am trying to build in authentication into my webapp. It apears that the subject is lost between requests. I thought, once authenticated a subject lasts for teh duration of the session. In my scenario I invoke a prtected JSP and am taken to my form based log on age. I log on no problem. I now invoke an unprotected page. I try and access the subject but a null is return. When I again invoke a protected page I am asked to log on again! Surely this is teh incorrect behaviour.
-
2. Re: JAAS Security
starksm64 Jan 14, 2005 4:12 PM (in response to sbuster)Read the JAAS howto where it talks about the web tier security integration. Unless you are under a uri secured via a security constraint there does not have to be a principal associated with the request.