[jboss-user] [Security & JAAS/JBoss] - Re: JAAS multi-threaded=true causing SecurityException princ
j2ee_junkie
do-not-reply at jboss.com
Tue Aug 15 08:49:54 EDT 2006
I was trying to get you to do some research so you understand your situation better and then you could see what you were doing wrong. In any case...
Your problem is that ClientLoginModule only passes security data to JBoss invocation within the current thread. However, Tomcat uses thread pools to handle requests. So one request might work fine, but the other would not. When Tomcat is embedded in JBoss, a valve is added to pipeline that ensures the security data is present on each request thread. If you want to use Tomcat outside of JBoss, you need to make sure that this valve is used. Also, since Tomcat is not using JBossSecurityMgrRealm (or its newer relative) the security data does not get flushed in JBoss when HttpSession is invalidated.
Does this help? cgriffith
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3965248#3965248
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3965248
More information about the jboss-user
mailing list