4 Replies Latest reply on Feb 26, 2004 4:12 PM by martin0

    "caching" subjects/principals on the server side

    Edwin Litterst Newbie

      I set up JAAs and it works fine with one exception.
      Each time my client is calling a method of a session bean the complete security code for authentication/authorization is executed again. This is very cpu-intensive because of the involved database queries (I am using an own module derived from AbstractServerLoginModule).
      Isn't there a way for the application server to find out that this client has already been authorized and roles assigned? This information doesn't seem to be sent back to the client (is it possible to do this?) and the server is not able to "map" the client to a subject. Or am I doing something wrong?

      Thanks for your help,