I'm trying to use a custom log in form in a JBOSS app, but am running into a problem. I'm able to successfully authenticate the user, and retrieve a Subject from my LoginContext. However, once that request is done, the application seems to forget that the user was logged in. How does JAAS and JBOSS keep track of the logged in user? Is this done by keeping a singleton of LoginContext around in some scope? Right now I'm creating a new instance of LoginContext, and using it to load a new instance of my CallbackHandler. Note, when I used JBOSS default form based authentication, it kept the user logged in. However, I can't use their default auth because I have some custom things I need to do. Thanks in advance for any help you provide.

As soon as user logs in store that information in application context and remove that when s/he logs out. Hope this helps. Thanks, Vinod http://blog.vinodsingh.com/

Thanks for the reply. What do you mean by application context? I googled it and it looks like its a class in spring and seam, but I'm not using either. Also, what do I store in it? The Subject? The LoginContext? JBOSS automatically forwards to a login page unless it thinks the user is logged in. How does it determine this?