It assumes this context:
1.One ejb jar with one X Stateless .
2.Another ejb jar with Y Stateless.
3.The Security Domain is the same for both.
Well, the login was made for client with user A. At this moment was
performed one method of the X Stateless. In the sequence client perform another
method in Y Stateless. The Subject is OK.
The client made the logout.
Now the client made the login with user B perform the same method in X
Stateless. After this it executed the same method in Y Stateless. At this
moment the Subject is of user A.
I'm using isValid(principal,credential,subject) SecurityAssociation method
to retrieve the Subject. In my jboss-service.xml JAAS Security Manager
configuration the attribute is DefaultCacheTimeout = 0 and
DefaultCacheResolution = 0.
What's the problem??? Why the user A Subject still exists in the EJB
Container after the first logout.
My environment:
-OpenSuSE Linux version 10.0
-JDK vesion 1.5.0_06
-JBoss-AS version4.0.4.GA
-EJB3 RC9FD+Patch.
Thaks a lot.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4038361#4038361
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4038361
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
