[jboss-jira] [JBoss JIRA] Commented: (JBAS-7822) Investigate race condition for security

Investigate race condition for security --------------------------------------- Key: JBAS-7822 URL: https://jira.jboss.org/jira/browse/JBAS-7822 Project: JBoss Application Server Issue Type: Bug Security Level: Public(Everyone can see) Components: Security Environment: WinXP 64bit Reporter: Stefan Ries Assignee: Anil Saldhana Fix For: JBossAS-5.0.0.GA I'm runnin several beans, let's call them A,B,C. They all run in the same security context. I'm using have a custom loginmodule and a custom principal. Bean A has the following method: public Principal getCurrentPrincipal() { if (log.isTraceEnabled()) { log.trace("getCurrentPrincipal() - start"); //$NON-NLS-1$ } Principal returnPrincipal = sCtx.getCallerPrincipal(); if (log.isTraceEnabled()) { log .trace("getCurrentPrincipal() - end - return value=" + returnPrincipal); //$NON-NLS-1$ } return returnPrincipal; } My test runs 3 threads. - Thread1: Fetches non-stop entities using bean B - Thread2: Fetches non-stop entities using bean C - Thread3: Endless loop of: --Perform login --call BeanA.getCurrentPrincipal(); --Compare principal name with login name --logout After running this several minutes, the name of the principal is "anonymous" (the unauthenticated principal). When disabeling Thread 1 and 2, the error does not occur.