2 Replies Latest reply on Dec 3, 2005 4:14 PM by Scott Stark

    JAAS Form Based Authentication Clarification

    Ekta Sehgal Newbie

      I am using JBoss 4.0.2 and have configured my web application to use JAAS.
      I use FORM based authentication and my security Realm is confgured for LdapLoginModule.

      When a user accesses my web application, he is directed to a login page ,(that uses j_security_check) and after a successful authentication and authorization, he is directed to a servlet, that uses a Third party reporting Engine.

      My query is :

      Is it true that JAAS creates a new Prinicipal Object per HttpRequest?
      If yes, then is there a way to ensure that during a session a new principal object is not created in subsequent requests after initial login.

      Any help would be appreciated. Thanks and Regards,