The lack of logoff ability (short of closing the browser) is one issue. You also have to pass the auth headers with each request, instead of having auth linked to a session (is this true with jboss? I don't know for sure.)
And for customer/user facing applications, having a login form integrated within your design is usually preferable. Those are my thoughts at any rate... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4051145#4051145 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4051145 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
