The purpose of caching is to avoid an expensive authentication operation to the security server.
Passing credentials to the EJB layer is outside the requirements; the goal is to use the token for post-JBossWS layer authentication (and again avoid an expensive authentication call). Storing the token in the MessageContext is convenient to this use case. (EJB layer invocation is not through InvokerProviderEJB but through a custom provider to support backend heterogeneity.) My question is more relevant to using a custom handler for authentication (similar to SimpleAuthenticationHandler.java) as opposed to using a JAAS login module. Could someone please comment on this. Thanks. Darma View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3866120#3866120 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3866120 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
