Yes, that seems to be the case. In fact, I've realized that is why you need both an Authenticator (valve) and a 'SingleSignOn' valve. The SSO valve keeps a cache at the host level's class loader, and the authenticator (web app level) accesses the SSO valve to store and retrieve entries in/from the cache. This allows SSO to operate between web application boundaries.
Having said that, I've solved my issue by moving the code into the authenticator and making calls back to the SSO valve as appropriate. I still believe that the JBossSecurityMgrRealm should work from either context, and think that it is odd that the same instance of the class would provide differing behaviors, as it is accessible and completely logical to call from either context. Thanks for all of your help j2ee_junkie. Josh Freeman View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3952459#3952459 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3952459 All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
