0 Replies Latest reply on Jun 20, 2002 8:54 AM by Ferran

    Security question

    Ferran Newbie

      Hi all,

      I'm using jboss3.0.0-tomcat4.0.3 to test my j2ee application, and I have the following problem:

      I have an EAR deployed with a couple of web-apps. In both web-apps I have security constraints, so I have the jboss-web.xml descriptor for each of the web-apps, pointing to the security domain I use. Both web-apps expect the same
      roles for the security constraints.

      The problem is that one web-app redirects to the other, and although I have logged in the first one, the second web-app asks me to log in again. I expected that the second web-app would notice that the user is already in that role but it doesn't.

      I suppose a solution would be to join the web-apps in one, but I would like them to be separate.

      I don't know if this a specification issue, a configuration error or a bug. Can anyone tell me?