[jboss-jira] [JBoss JIRA] Commented: (SECURITY-272) ClientLoginModule in a multi-threaded context

[amar slimane (JIRA)]

    [ https://jira.jboss.org/jira/browse/SECURITY-272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12429048#action_12429048 ] 

amar slimane commented on SECURITY-272:
---------------------------------------

With the JBoss AS5CR1, we have another problem : https://jira.jboss.org/jira/browse/SECURITY-273

> ClientLoginModule in a multi-threaded context
> ---------------------------------------------
>
>                 Key: SECURITY-272
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-272
>             Project: JBoss Security and Identity Management
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>         Environment: CentOS release 4.4 (Final)
> JBoss AS 5.0.0.Beta4
>            Reporter: amar slimane
>            Assignee: Anil Saldhana
>
> When we invoke an EJB method in the thread where the 'LoginContext.login' has been made
> the authentification works fine.
> But when we invoke an EJB method in another thread i have to do
> an another 'LoginContext.login'.
> In the documentation, i read this :
> 'multi-threaded=true|false : When set to false the login identity and credentials are global variables that apply to all threads in the VM.
> The default for this option is false.'
> When the multi-threaded is set to false, the login identity is global in the VM
> but we have to do a 'LoginContext.login' in each thread. 
> Here is the client 'auth.conf' file :
> other {
> org.jboss.security.ClientLoginModule required
> multi-threaded=false;
> };

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira