Hi,
it seems that JBoss plugs in it's own Valve
"org.jboss.web.tomcat.security.SecurityAssociationValve", which requires the
Security Context. It seems this Valve is called after your own logout.
So maybe it helps to move your logout code after this valve (e.g. in a custom Valve)?
Hope this is no total nonsense, but this is far beyond my own security experiences, so I
just can do some guessing ;-)
Maybe you should ask this question in the Security forum
http://www.jboss.com/index.html?module=bb&op=viewforum&f=49
Wolfgang
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221980#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...