If you add the attribute 'requireReauthentication="true"' to the SingleSignOn valvel element in server.xml, all requests will be passed to the security Realm for authentication. If the security manager's cache has been flushed, the authentication request will come through to your login module.
A timeout of a session will not invalidate the SSO (unless it was the only session associated with the SSO), so the user will not be asked for their credentials. The credentials cached in the SSO will be used. But the request will go to your login module. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3911585#3911585 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3911585 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
