The problem is with each request your browser needs to present some kind of credentials to the webserver, which the webserver can then use to pass necessary information to the JAAS layer. In a simple one app scenario, this is the session cookie. With two apps, how does the security layer know who the caller is when the 1st request for app2 comes in?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3914760#3914760 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3914760 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
