I can see how I can easily extend the supplied jboss login modules to perform login authentication the way I want to but I just need to clear something up.
I want to setup session information against a specific thread local when a subject is authenticated but I am not sure if the LoginModules will give me what I need.
1. User opens browser and browses to url that requires authentication...
2. LoginModule requests login details
3. User then leaves browser open and then browses back to the same site...
What happens at this point?
Does the LoginModule.login method get called again with browser cached details? The reason I ask is because I want to override login and then check the super.login return boolean and if true then I can set session details using a thread local...but once the user has logged in will this method be called everytime the user browses back to the same url when they have not closed the browser!!!
My basic question is where is the best place to associate thread local information from user login?