Scott, Thanks for the answer. I agree that it is not likely that the web browser will be able to provide custom credentials. But I also do not think that I have to go that far as the unique id that I want to add to the principal to make it "unique" could be generated right at the tomcat/JBoss junction, on the server side, I think. For example, tomcat is going to generate an HTTP session ID that will definitely uniquely identify the web browser session. On the server side, at the time the principal used in the security domain cache is created, if I could "just" create my own principla right here and add the HTTP session id to it (one that I generate would work as well), I think it would work.
Does that make sense or is it also something that is not possible without a tomcat feature request? Thomas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3878523#3878523 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3878523 ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
