Answers below :-
(1) If you want to use JAAS for authentication, YES
(2) Passwords are NEVER stored in request. Principal can be got from the request after successful authentication by calling
(3)After successful authentication Principal is cached till the expiry of HttpSession. Yes no, need for extra authentication till session expires.
(4) Can be used from JSP's and Servlets,. For that matter any web based client is fine this way.
Not Swing. You'll need to a typical JAAS login (with CallbackHandlers and config files) for that. No .NET client cannot do a JAAS login.
Hope this helps
Thanks ragavgomatam. That helps a lot.
Do you know of any resources/examples for the SWING authentication?
Check out the sticky
JAAS Howto:README FIRSTin this forum