Custom Login Module Invoked on Every Request with Basic and HTTPS Client Authentication
(Doc ID 468575.1)
Last updated on OCTOBER 07, 2022
Applies to:
Oracle Containers for J2EE - Version 10.1.3.2.0 and laterInformation in this document applies to any platform.
This problem can occur on any platform.
Symptoms
When an application is run, the login module is invoked everytime a submit is entered or when navigating to another page.
This happens when using Basic and HTTPS Client Authentication.
However,when using Form Authentication, the login module is invoked only once. The user has to provide authentication details just once in the OC4J console.
If the user authentication is made after each request, the application performance is affected drastically
However,when using Form Authentication, the login module is invoked only once. The user has to provide authentication details just once in the OC4J console.
If the user authentication is made after each request, the application performance is affected drastically
which is not the case with Form based authentication.
As per OC4J documents, OC4J invokes the RealmLoginModule whenever user credentials are required.
For example, when a request hits a protected page, OC4J will ask the Oracle Application Server JAAS Provider to authenticate the user.
As per OC4J documents, OC4J invokes the RealmLoginModule whenever user credentials are required.
For example, when a request hits a protected page, OC4J will ask the Oracle Application Server JAAS Provider to authenticate the user.
As a result the RealmLoginModule will be invoked to authenticate the user using the credentials sent by the user via the browser over HTTP.
How do we overcome this problem?
How do we overcome this problem?
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |