3 Replies Latest reply on Aug 20, 2008 7:38 PM by Ragav Gomatam

    some questions on authentication

    mandeep sethi Newbie

      Hi All,
      Apologize if these questions have been asked before or if they are naive, but I am writing after doing some search on the web and the forum. Do point me out to any tutorial / web resource if you think they can answer my questions.

      I am relatively new to JBoss/JAAS authentication, and have successfully implemented a sample web application which uses the form based authentication method. On the server side, I have a custom class which extends the DataBaseLoginModule. My questions were the following:

      1) Does one have to use form with 'j_security_check' to initialize the security workflow?
      2) How could I extend this if I needed to have the username password in my HTTP request?
      3) It seems like once JBoss authenticates the user, a HTTP session is maintained until the JBoss cache expires. Is this true? Meaning once logged into a web application, and if the subsequent JSP / Servlet calls fall inside the security restrictions defined in a web.xml, a session is maintained and there is no need for extra authentication on each step.
      4) I understand jboss 'webauthentication' is similar but is mostly for programmatic login. Can it be used from a JSP / Swing/ .NET client?? If so how, is there any useful web resource / tutorial you could point me to?

      Thanks and hoping fro some feedback from the forum.