Hi,

I am using JBoss 2.2 with embedded Tomcat and I have written my own
LoginModules for JAAS authentication. Calling secure Beans from a Java
client seems to work, but calling them from embedded Tomcat leads to a
Authentication exception. The exception gets thrown by the JBoss
SecurityInterceptor, because the Principal delivered by the
MethodInvocation is null.
But: it is not always null (which may be easy to debug). The Tomcat JSP
is calling a secure bean two times and sometimes the first call is
succesfully handled by my LoginModule and the second call has a null
Principal. Sometimes the first call leads to the exception...

I am using a modified org.jboss.security.ClientLoginModule and it stores
the Principal in a SecurityAssociation object (ThreadLocal). Doesn't
Tomcat using several Threads to process requests from the same
client/session ? If I store the Principal in one Thread and the session
opens a new Thread, how does the Principal get updated ? This may be a
reason for the behaviour described above.


Tobias.

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to