LoginContext exception crashes application
------------------------------------------
Key: JBAS-5034
URL: http://jira.jboss.com/jira/browse/JBAS-5034
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.4.GA
Environment: Linux. I have two Linux servers with JBoss installed running in
clustered mode and two servers with Tomcat 5.23 running in load-balancing mode (not
clustered).
I have replicated the problem on Windows with a JBoss and Tomcat running independently.
Reporter: Christos Nicolaou
Assigned To: Scott M Stark
The problem occurs when the LoginContext is initialized and logged in, and I try to call
the server. At this point the call fails (wrong credentials) and I do not log out the
context. After this, any call coming to the Tomcat server from any browser running on other
machines gives a security exception in JBoss. In the JBoss log I can see the JBoss
ServerLoginModule saying "Bad Password given for username=a" where 'a'
is the user with the invalid credentials from the previous call.
If the LoginContext is logged out in case of an exception, everything works out fine.
However, since what I described above means that the web server picks up a LoginContext
belonging to a different session, this worries me a lot.
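
The workaround described in the report (always logging the LoginContext out, including when the server call fails), as an added example that is not code from the reporter or from JBoss. `ScopedLogin`, `StubModule`, `boundUser` and `callAs` are hypothetical names; the stub module is a constructed stand-in that is assumed to keep the caller identity in shared state, so the effect of a missing logout is visible without a JBoss installation.

```java
import java.util.Map;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class ScopedLogin {
    // Constructed stand-in: identity held in state shared by every request thread (assumption).
    static volatile String boundUser;
    public static class StubModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user");
            try { handler.handle(new Callback[] { nc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            boundUser = nc.getName();   // identity is now visible outside this request
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { boundUser = null; return true; }
        public boolean logout() { boundUser = null; return true; }
    }
    // Log in, run the server call, and always log out, even when the call throws.
    static <T> T callAs(String user, Callable<T> serverCall) throws Exception {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    StubModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        CallbackHandler h = cbs -> { for (Callback c : cbs) if (c instanceof NameCallback) ((NameCallback) c).setName(user); };
        LoginContext lc = new LoginContext("constructed", null, h, cfg);
        lc.login();
        try {
            return serverCall.call();
        } finally {
            lc.logout();   // clears the bound identity before the thread serves another user
        }
    }
    public static void main(String[] args) {
        // Simulates the failing call from the report: wrong credentials rejected by the server.
        try { callAs("a", () -> { throw new SecurityException("Bad Password"); }); }
        catch (Exception e) { System.out.println("call failed: " + e.getMessage()); }
        System.out.println("identity after failed call: " + boundUser);
    }
}
```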