I have developed a custom loginmodule that extends UsernamePasswordLoginModule. It overrides validatePassword to authenticate with RSA SecurID passcode. The passcode changes every 60 seconds. This works except for one bug ;)
It is possible for user "x" to authenticate and play around on the webpages. User "x" can then start another browser and log in with that as well.
The problem appears if user "x" then tries to go back to the first browser. The loginmodule will validatePassword once more (with the password entered when the first session started). I guess this will work ok with static passwords, but it will not work in this environment.
Is it possible to make JBoss/Catalina remember that the session once was authenticated?