How did you build JAAS? JAAS is just API, not implementation right?
Did you use any framework or tool for help?
For smaller projects I use a managed bean in conjunction with a servlet filter. I also have singleton UserRegistry class that both the loginhandler and the filter can access. this works very reliably.
for bigger projects where we need to integrate several systems with single-sign in we use JAAS, but for small projects that's way overkill.
cheers
dave
