Caching of authentication credentials does not appear to be occuring when invoking web services and using BASIC authentication. With the following configuration, and a sample cofiguration of DatabaseServerLoginModule, upon every invocation of the web service, the username and password are validated by a call to the database.

This is in contrast to BASIC authentication performed to secure a jsp page, which only queries the database intitially and summarially uses the cached value until expiration.

jboss.xml:
<jboss>
<security-domain>java:/jaas/TestRealm</security-domain>
<enterprise-beans>
<session>
<ejb-name>TestSessionEJB</ejb-name>
<local-jndi-name>test/TestSession</local-jndi-name>
<port-component>
<port-component-name>TestSessionEndPointPort</port-component-name>
<auth-method>BASIC</auth-method>
</port-component>
</session>
</enterprise-beans>
</jboss>

ejb-jar.xml:
<ejb-jar>
<enterprise-beans>
<session>
<ejb-name>TestSessionEJB</ejb-name>
<local-home>com.xpel.test.LocalTestSessionHome</local-home>
<local>com.xpel.test.LocalTestSession</local>
<ejb-class>com.xpel.test.TestSessionBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<service-endpoint>com.xpel.test.TestSessionEndPoint</service-endpoint>
</session>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>csr</role-name>
</security-role>
<method-permission>
<role-name>csr</role-name>
<method>
<ejb-name>TestSessionEJB</ejb-name>
<method-name>create</method-name>
</method>
</method-permission>
<method-permission>
<role-name>csr</role-name>
<method>
<ejb-name>TestSessionEJB</ejb-name>
<method-name>foo</method-name>
</method>
</method-permission>
</assembly-descriptor>
</ejb-jar>