good solution, but only for jboss. if i want to keep my code j2ee-plattform independent (k, i know jboss is the only one) what should i do ?!?
there is also another functional requirement. what happens if change my password and afterwards i want to click through my web-app. after a cache-miss (auth-cache timeout or full) the web-container raises the login-page and i have to login myself again but with the new credentials. I WILL NOT LOGIN during my allready authenticated web-session!!!