Right now, once the HTTP session is authenticated, the token is not used
to check timeouts. It relies on the application's HTTP Session settings
to handle timeout. Not sure if that is the right approach or not.
BTW, check out keycloak.org. We've taken this stuff to the next level.
On 1/26/20
Hi James,
Glad the header problem is solved :-)
For Bearer token, sorry I’m not familiar with it, but if it uses cookies to
store authentication information, you can try to check your browser to see if
the ‘Expires’ field of the cookie is set correctly or not. For example, if you
are using Fir
Hi Weinan,
The AWS load balancer sends an X-Forwarded-Proto header to the Jboss server
in the backend, which Jboss is able to use if I add this valve and option to
my jboss-web.xml:
org.apache.catalina.valves.RemoteIpValve
protocolHeader
x-forwarded-pro
Hi James,
Sorry I’m not familiar with AWS load balancer. I know that mod_jk supports
passing client SSL information to backend JBoss server and the application in
JBoss server could use the information to do their work. And mod_jk is using
standard AJPv13 protocol to forward the client SSL in
I am trying to use RestEasy in Jboss as a central auth server to
authenticate REST calls behind an AWS load balancer. Ideally, this load
balancer would communicate to the Jboss server over HTTP (not https) as the
SSL part is handled at the load balancer level before hitting the auth
server in the b