> Do you cache the credentials in a web session scope
> and re-logon for each servlet instance ??? *blah*
Actually you have to do it every time the servlet is called, because the servlet handles requests from different clients. But it's not so *blah* actually, because you are just doing the ClientLoginModule stuff from JBoss to bind your credentials; the JBoss server has a credential cache so it won't perform a new server-side login.
I encapsulate this stuff in a handle class, which I store in the http session, then in any servlet code which will call ejbs, the servlet first retrieves this handle class and calls its refresh()
From what I understand, if you use the embedded jboss-tomcat, this is done automatically and you don't have to worry about the refreshing of the credentials.
> But it's not so *blah* actually, because you are just
> doing the ClientLoginModule stuff from JBoss to bind
> your credentials
True enough, I hadn't connected the dots on that one...
> if you use the embedded jboss-tomcat, this is done
This would be handy...so perhaps jboss embedded tomcat can associate a LoginContext against a client session (a client session being maintained by tracking cookies/url re-writing) ?
Thanks for the reminder re: ClientLoginModule ;-)