Hi,
I have 2 EARs deployed in JBOSS AS 5.0. The first EAR performs the login through DatabaseServerLoginModule.
After a successful login, the application displays a page with links to other applications where the logged-in user has roles.
Till this time everything works fine.
Now, when the user clicks on any link in this page to launch the specific application (this app is in another EAR), what I am getting from the logs is:
Failed authenticate() test
2009-02-20 15:49:41,113 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Calling authenticate()
2009-02-20 15:49:41,113 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-127.0.0.1-8080-1) Save request in session '84809F9A31FA276F5CC0E05BE653DAC2'
2009-02-20 15:49:41,113 TRACE [org.apache.catalina.core.StandardWrapper] (http-127.0.0.1-8080-1) Returning non-STM instance
2009-02-20 15:49:41,113 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,113 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,113 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,129 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,129 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/admin].[jsp]] (http-127.0.0.1-8080-1) Disabling the response for futher output
2009-02-20 15:49:41,129 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Failed authenticate() test
2009-02-20 15:49:41,129 TRACE [org.jboss.security.SecurityRolesAssociation] (http-127.0.0.1-8080-1) Setting threadlocal:null
One thing I noticed is that JBOSS is again trying to do an authentication against the logged-in user when he clicks on the link. I don't know why it has to do it again.
I was expecting that the role already authorized would follow to the subsequent requests.
Another thing I noticed is that when the user logs in to the application, one session ID is created. After logging in, when he clicks on the link to launch the other application, it creates another session ID.
I suspect this could be the reason why the second app is again going for an authentication against the role.
Please advise what needs to be done in this scenario.
I appreciate your help.