afjochnick, Every request (for a secured resource) to the JBoss server (even from the Tomcat server) needs to contain the username and password. There is no http-like session. What should happen is that the username and password is cached in JBossSX so each request is checked against the cache version versus always invoking the login process (which in your case means accessing your LDAP server.) So if you are not seeing this behavior some things to check are...
1) the cache timeout settings for your security manager 2) enable TRACE logging in JBossSX to see what the principal being check is as well as that the authentication cache contains. 3) you can also view the contents of the authentication cache for the security domain using the jmx-console (jboss.security:service=JaasSecurityManager) hope this helps, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3945651#3945651 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3945651 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
