| Michal Mazny 2004-05-27, 4:34 pm |
| Good day,
please excuse my bad english. I have following problem with repeating
authentication with Custom UserRegistry in WebSphere Application
Server 5.0.2 and above:
In our J2EE aplication we use Custom User Registry for authentication.
We use our implementation of this, which stores and retrives
usernames, passwords, groups and memberships in relational database.
In Web project we have for this time only one general security
constraint for all (/*) mapped to special role. In EAR project this
role is mapped to certain group of users. We use form-based
autentication.
When we developed in Studio 5.0, which used WAS 5.0.0, there
everything worked right: After connecting from browser to main page,
login dialog appeared and after sending loginname and password WAS
issued (only one times) checkPassword function in our UserRegistry.
From this point WAS remembered, that autentication was done and
subsequent requests (in same session) was made WITHOUT repeating
checkPassword function in UserRegistry.
But when we upgraded to WebSphere Studio 5.1.1, which uses WAS 5.0.2
(OR WAS 5.1 - the problem is same), after sending loginname/pwd
checkPassword is issued (O.K.) BUT in ALL subsequent requests (even
for all resources on the page, i.e. pictures) authentication (it means
checkPassword funtion and other 2 functions getUniqueUserId
getUniqueGroupIds) is issued AGAIN. Because this is time-consuming
operation (SELECT from DB), loading of pages and their components is
very slow now.
Besides that, in WAS >5.0.2 the initial Custom Registry
authentication, when server starts, is performed twice (!?).
Please, can you help us?
Thank you very much,
Mike
|