1 Reply Latest reply on Feb 23, 2005 8:31 AM by thomas.diesler

Cached authentication problem, possible solution

paper57 Feb 16, 2005 6:40 PM

I had posted before regarding what I perceived as a bug in JbossWS such that upon each invocation of a web service, the subject would be reauthenticated, negating any value the JAAS authentication cache provides and introducing a potentially time/resource consuming requirement.

I was able to solve this by creating a transport specific handler that will call SecurityAssociation.setPrincipal with the result of getUserPrincipal() from the HttpServletRequest object retrieved through the MessageContext.

This is in contrast to the ServerLoginHandler (configured by default) which always calls SecurityAssociation.setPrincipal with a new SimplePrincipal(), which always results in cache miss.

Calling getUserPrincipal() leverages the work tomcat already does to remember and reassociate the user's cached principal with the request.

I am still hopeful there is a better solution, but this is the best I could come up with. Any suggestions?

1. Re: Cached authentication problem, possible solution

thomas.diesler Feb 23, 2005 8:31 AM (in response to paper57)

This is assigned to
http://jira.jboss.com/jira/browse/JBWS-106
Actions