This content has been marked as final. Show 1 reply
To my knowledge NameCallback and PasswordCallback are not cached. What is cached is Principal for the duration of the HttpSession.
In my login module the scope of the Callback is within the
public boolean login() throws LoginException
so that would negate any chance of caching
Also in the
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
method try to pass the security tokens in the sharedState Map if call backs are insufficient for your purpose. I used this sharedStateMap to pass information between login modules.