View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3821713#3821713
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3821713 You wrote: "Unless you logout or clear the association, this context can propagate to other threads". The question is 'can' or really propagates?? When ClientLoginModule calls logout() method, the clear() method from SecurityAssociation is called: public static void clear() { SecurityManager sm = System.getSecurityManager(); if( sm != null ) sm.checkPermission(setPrincipalInfoPermission); if( server == true ) { threadPrincipal.set(null); threadCredential.set(null); threadSubject.set(null); } else { SecurityAssociation.principal = null; SecurityAssociation.credential = null; SecurityAssociation.subject = null; } } But I couldn't find what the method set(null) from ThreadLocal really do?? There is no info in doc. Maybe I misunderstood what ThreadLocal do, but it seems that the class keeps the copy of the variable for each thread separately. So that, why clearing is propagated to another threads?? You wrote: "This behavior is automatic in the ejb and web tiers that have a well defined security contract." According to this let's assume that two different methods from one EJB (or some methods from two different EJB) are called and they try to call remote servers (each method connects to different server) by executing the following code: ... Properties props = new Properties(); props.setProperty("java.naming.provider.url","jnp://"+SERVER+":1099"); props.setProperty("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory"); props.setProperty("java.naming.factory.url.pkgs","org.jnp.interfaces"); LoginContext lc = new LoginContext("MY_CLIENT_POLICY", new MyCallbackHandler("USER","PASS".toCharArray())); lc.login(); MyBean mb = MyBeanUtil.getHome(props).create(); mb.callMethod(); lc.logout(); ... Does your sentence means that both method calls are treated independent without mutual influence of setting and clearing security associations?? During the tests I did, I found that when I didn't start any thread inside MBean, it looked like MBeans code was executed in one thread. Is this true?? When there were two MBeans starting on the trot, it was enough to login in the first starting MBean without doing it in the second one. ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
