Just putting a class into a package namespace does not give you access to the package protected classes. The class needs to be loaded by the same class loader, and depending on the class loader, the same jar to actually be seen as from the org.jboss.security package and non-jboss code does not satisfy this condition unless your rebuilding the server with the login module added to the codebase.
You seem to have a race condition between multiple threads using the same principal. A cached Subject is a shared object and if there is a logout in one thread after authentication in another thread, but before the authorization check these threads are walking over each other. You need a thread local copy of the Subject to isolate these threads. We do this in the jca layer where authorization checks happen well beyond the authentication point, but I don't think this behavior is accessible from the LoginContext. Create a bug report on sourceforge with an example of what your doing and I can look into how this can be supported. http://sourceforge.net/tracker/?group_id=22866&atid=376685 View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854659#3854659 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3854659 ------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
