My Oracle Support Banner

Custom Login Module Invoked on Every Request with Basic and HTTPS Client Authentication (Doc ID 468575.1)

Last updated on FEBRUARY 25, 2019

Applies to:

Oracle Containers for J2EE - Version 10.1.3.2.0 and later
Information in this document applies to any platform.
This problem can occur on any platform.

Symptoms

When an application is run, the login module is invoked everytime a submit is entered or when navigating to another page.
This happens when using Basic and HTTPS Client Authentication.

However,when using Form Authentication, the login module is invoked only once. The user has to provide authentication details just once in the OC4J console.

If the user authentication is made after each request, the application performance is affected drastically
which is not the case with Form based authentication.

As per OC4J documents, OC4J invokes the RealmLoginModule whenever user credentials are required.

For example, when a request hits a protected page, OC4J will ask the Oracle Application Server JAAS Provider to authenticate the user.
As a result the RealmLoginModule will be invoked to authenticate the user using the credentials sent by the user via the browser over HTTP.

How do we overcome this problem?

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.