I have written a custom UserManager and have setup security-constraints
against several JSPs in my application...everything works great..almost.
I'm noticing that after the user has successfully been authenticated that my
UserManager is being recalled for every page request made by the user. The
difference being that the user is not reprompted to enter a username and
password. The problem with this is that it causes a lot of additional
overhead because the user is reauthenticated and has the group checking
revalidated for every request. Is it possible to setup Orion so it won't
behave this way? It seems like once the user has been authenticated once
that they should not be reauthenticated until their session has expired.
Thanks
