0 Replies Latest reply on Dec 2, 2010 5:26 AM by Mathias Dolag

    Login-Mechanism in detail

    Mathias Dolag Newbie

      Hello everyone,


      I've got a security context with protected xhtml-files. The authentification-mode is "FORM_BASED" with the "j_security_check"-action. After logging-out the login-formular (a jsp-page) is displayed, because I'm trying to access the protected-overview page, but after logging-out no session is available. My session-timeout is 120minutes. If a user tries to login after the timeout he must login twice, because at the first time he just gets a new session to access the security-context and the login-formular for this new session. This is how far I understand the mechanism.


      Now I want to realize, that a "parking" on the login-page is possible and, even after a session-timeout, only one login is required to access the requested protected xhtml-page. Is there any possibility to temporarily save the login data (entered by the user on the login-page), then check if a session exists and if not create one and automatically retry the login with the previously saved data?


      Is there any detailed documentation about the JBoss-Login-Mechanism? I'm searching for some documentation about which JBoss-Classes act together during first request for a protected page, creating a new session into the security-context and the authorization. Unfortunately I found no information at google about this topic.


      Sorry for my bad english and thanks in advance for your help