I have a basic JSR 196 implementation to allow single sign on based on request information. It all works fine with a sample application I have created, but when I integrate with our internal system, i seem to get inconsistent results from the Request Policy's isManditory method.
What I am seeing is that a resource that is protected by web.xml security constraints is returning "false" for isManditory on the first invocation, so I return AuthStatus.SUCCESS. However, this causes what can only be explained as infinite redirection, as the resource is protected and requires a Subject and the JSR 196 provider is invoked over and over again.
If I remote debug this session and manually change isManditory to true for the first invocation, i do the Subject creation and every subsequent invocation returns true as is expected.
Can anyone provide some information on where I should start looking to find out why i am seeing such behavior from Glassfish?
[Message sent by forum member 'vinsonizer' (vinsonizer)]
http://forums.java.net/jive/thread.jspa?messageID=278581