I'll try to be more clear. The client uses a custom client login module, because ClientLoginModule doesn't send ObjectCallback. This custom client login module uses SecurityAssociation.
The client logs in to the server (actually only to the client-side login module) and calls two security domain protected methods consequently. At the server side, the server login module authenticates the client. As I understand, the callbacks (credentials) are cached at that time. Then, before each of the two method calls, it compares the subject's credentials against the cached credentials. Everything is OK.

Then the same client tries to repeat the same action. The difference is that the fingerprint is not absolutely the same. And this time, the login() method is not called immediately. First, the credentials are compared. And the fingerprint is not absolutely the same. And the fingerprint is passed to the login module to be authenticated. And the login module authenticates it successfully (#2). It's OK. Then, the first method is called. But when comparing the credentials before the second method call, the currently provided credentials are compared against the credentials cached when the client was authenticated for the VERY FIRST time. This means that when the login module worked the previous time (#2) it didn't cache the credentials?

The client will be authenticated again, but this demands more time than just comparing the array or its MD5 code. It's unacceptable to perform the full authentication before each of the 100 or 1000 method calls. I think a good approach will be to clear the cache every time a login module is used and, if authentication is successful, to cache the newly provided credentials.

I hope I expressed myself more clearly :)

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3924306#3924306
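The caching behaviour the post describes and the refresh it proposes, as an added example that is not part of the original post and is not JBoss code. It is a simplified model: the class, the `fullLogin` stand-in matcher and the sample byte strings are all assumptions, and it stores a SHA-256 digest rather than the MD5 the post mentions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Simplified model of a per-principal credential cache (hypothetical, not JBoss code).
public class CredentialCacheModel {
    private final Map<String, byte[]> cache = new HashMap<>(); // principal -> credential digest
    private final boolean refreshOnLogin;
    int fullLogins = 0; // how many times the expensive login module ran

    CredentialCacheModel(boolean refreshOnLogin) { this.refreshOnLogin = refreshOnLogin; }

    static byte[] digest(byte[] credential) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(credential);
    }

    // Stand-in for the expensive fingerprint matcher in the server login module.
    // Assumption: any sample starting with "<principal>-finger" matches the enrolled template.
    boolean fullLogin(String principal, byte[] credential) {
        fullLogins++;
        return new String(credential, StandardCharsets.UTF_8).startsWith(principal + "-finger");
    }

    boolean isValid(String principal, byte[] credential) throws Exception {
        byte[] presented = digest(credential);
        byte[] cached = cache.get(principal);
        // Fast path: constant-time comparison against the cached digest.
        if (cached != null && MessageDigest.isEqual(cached, presented)) return true;
        // Slow path: the presented credential differs, so run the full authentication.
        if (!fullLogin(principal, credential)) return false;
        // Proposed change: replace the cached entry after every successful login.
        if (cached == null || refreshOnLogin) cache.put(principal, presented);
        return true;
    }

    // Two calls with the first scan, then two calls with a slightly different scan.
    static int run(boolean refreshOnLogin) throws Exception {
        CredentialCacheModel m = new CredentialCacheModel(refreshOnLogin);
        byte[] scan1 = "alice-finger-scan-1".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] scan2 = "alice-finger-scan-2".getBytes(StandardCharsets.UTF_8); // constructed sample
        for (byte[] scan : new byte[][] {scan1, scan1, scan2, scan2}) m.isValid("alice", scan);
        return m.fullLogins;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("stale entry kept: " + run(false) + " full logins");
        System.out.println("entry refreshed:  " + run(true) + " full logins");
    }
}
```

With the stale entry kept, every call made with the second scan falls through to the full login; with the refresh, only the first call with each new scan does.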
