Thanks for the quick reply Cuoz. I'm beginning to understand what the actual problem is with my web-app. You see, I've been mixing the j_security_check and a self-written JAAS authentication method. j_security_check however, doesn't provide the solution I'm looking for. Because it doesn't integrate with a struts environment. I would have to code a Servlet separate from struts for the building of the web-app so to say. And have struts handle the rest of the workflow. I'm going to read some more about JAAS authentication, I think I was on the right track with the filter.
As for the logout action, I've noticed that if I just invalidate the session, the server will create a new one when the user presses the "back"-button. I solved that issue with another filter which checks if a user has credentials (just for now, but I will make it more secure with time). And I remove those credentials with the logoutAction. But that's kind of off-topic here :) Anyway, thanks again. You've helped me back on track. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854387#3854387 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3854387 ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
