Custom Login Module Invoked on Every Request with Basic and HTTPS Client Authentication (Doc ID 468575.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Containers for J2EE - Version: 10.1.3.2.0
This problem can occur on any platform.

Symptoms

When an application is run, the login module is invoked everytime a submit is entered or when navigating to another page.
This happens when using Basic and HTTPS Client Authentication.

However,when using Form Authentication, the login module is invoked only once. The user has to provide authentication details just once in the OC4J console.

If the user authentication is made after each request, the application performance is affected drastically
which is not the case with Form based authentication.

As per OC4J documents, OC4J invokes the RealmLoginModule whenever user credentials are required.

For example, when a request hits a protected page, OC4J will ask the Oracle Application Server JAAS Provider to authenticate the user.
As a result the RealmLoginModule will be invoked to authenticate the user using the credentials sent by the user via the browser over HTTP.

How do we overcome this problem?

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms