[ https://jira.jboss.org/jira/browse/JBAS-7822?page=com.atlassian.jira.plug... ]
Stefan Ries commented on JBAS-7822:
-----------------------------------
This issue happened because of a race condition.
Each call to the server seems to push the current SecurityContext on a stack and restore
it after it returns. If a login and another call happen at the same time, it might push the
"null" context onto the stack before the login started and restore it after the
login was completed. This way, the login was "undone". The same can happen during
logout.
Solution:
If you use the LoginContext to login, set the "multi-threaded" flag of the
LoginContext to true.
If you use the SecurityClientFactory, use SecurityClient.setVmwideAssociation(false).
This way, every thread will have its own SecurityContext and thus needs to be logged in
and out on its own.
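As an added example (not code from the reporter or from the JBoss project), this is the per-thread client-side login the comment recommends, written for the third thread of the test described in the report. SecurityClientFactory.getSecurityClient(), setSimple(), login() and logout() are assumed from the JBoss AS 5 client API, and BeanA is a hypothetical stand-in for the reporter's bean A.

```java
import java.security.Principal;
import org.jboss.security.client.SecurityClient;
import org.jboss.security.client.SecurityClientFactory;

// Hypothetical remote view of the reporter's "Bean A".
interface BeanA {
    Principal getCurrentPrincipal();
}

// Mirrors Thread3 of the report: login, read the caller principal, compare, logout.
public class PerThreadLoginCheck implements Runnable {
    private final BeanA beanA;
    private final String user;
    private final String password;
    private final int iterations;

    public PerThreadLoginCheck(BeanA beanA, String user, String password, int iterations) {
        this.beanA = beanA;
        this.user = user;
        this.password = password;
        this.iterations = iterations;
    }

    public void run() {
        try {
            SecurityClient client = SecurityClientFactory.getSecurityClient();
            // Associate the identity with this thread only. With VM-wide association,
            // the context pushed and restored by the unrelated calls running on the
            // bean B and bean C threads can overwrite this thread's login (the race
            // described in the comment above).
            client.setVmwideAssociation(false);
            client.setSimple(user, password);
            for (int i = 0; i < iterations; i++) {
                client.login();
                try {
                    Principal p = beanA.getCurrentPrincipal();
                    if (p == null || !user.equals(p.getName())) {
                        throw new IllegalStateException(
                            "iteration " + i + ": expected " + user + " but got " + p);
                    }
                } finally {
                    // Every thread that logged itself in must log itself out again.
                    client.logout();
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("login round-trip failed", e);
        }
    }
}
```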
Investigate race condition for security
---------------------------------------
Key: JBAS-7822
URL: https://jira.jboss.org/jira/browse/JBAS-7822
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-5.0.0.GA
Environment: WinXP 64bit
Reporter: Stefan Ries
Assignee: Anil Saldhana
I'm running several beans, let's call them A, B and C. They all run in the same
security context. I have a custom loginmodule and a custom principal.
Bean A has the following method:
    // sCtx: the bean's injected javax.ejb.SessionContext (assumed from the call below)
    public Principal getCurrentPrincipal() {
        if (log.isTraceEnabled()) {
            log.trace("getCurrentPrincipal() - start"); //$NON-NLS-1$
        }
        Principal returnPrincipal = sCtx.getCallerPrincipal();
        if (log.isTraceEnabled()) {
            log.trace("getCurrentPrincipal() - end - return value=" + returnPrincipal); //$NON-NLS-1$
        }
        return returnPrincipal;
    }
My test runs 3 threads.
- Thread1: Fetches non-stop entities using bean B
- Thread2: Fetches non-stop entities using bean C
- Thread3: Endless loop of:
  - Perform login
  - call BeanA.getCurrentPrincipal();
  - Compare principal name with login name
  - logout
After running this for several minutes, the name of the principal is "anonymous"
(the unauthenticated principal). When disabling Thread 1 and 2, the error does not occur.
--
This message is automatically generated by JIRA.