anonymous wrote : Every EJB invocation goes over a single thread of execution. http://www.jboss.com/index.html?module=bb&op=viewtopic&t=123819 Consider the following http://publicobject.com/2005/04/logging-in-to-web-app-using-jaas-on.html: anonymous wrote : | Where does the client-login domain store your login credentials? It associates them with the thread that calls LoginContext.login(). | This means that if you login from a Servlet, you probably won't continue to be logged in on your next HTTP request. Your login() call has authenticated the randomly-selected thread that serviced your first request, which probably won't be the same thread for subsequent requests. Even worse, another random user of your web application will inherit your credentials if they are serviced on your thread. | Therefore, whenever you call LoginContext.login(), you must also call LoginContext.logout(). On the same thread. Before your request is complete. | Is this actually true ? I am using Struts 1.3 and Actions in 1.3 are singletons. And I want each activation of the Action to invoke my remote SLSBs under the logined Subject which should never be accidentally shared. Any explanation on this? Thanks Les View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4167491#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...