>The SAM is triggered whenever a protected URL is accessed. And it is not
clear why that is not sufficient for your case? With GlassFish 3.1.2.2 it
looks like the SAM is always triggered, whether the URL is protected or not.
With JBoss EAP 6.0.1 the SAM is indeed only triggered for protected
resources. >> How to remember an already logged in user? > You could set a
cookie in the response. The odd thing is that in this case GlassFish indeed
doesn't remember the login by itself, but JBoss EAP does. After a successful
authentication, with GlassFish one needs to re-authenticate with the
container for every request, while JBoss EAP just doesn't call the SAM
anymore as long as the user is logged-in. I'm not sure who's at fault here,
but it's a remarkable difference.
--
[Message sent by forum member 'arjan_t']
View Post: http://forums.java.net/node/889627