[jboss-user] [Security & JAAS/JBoss] - Problems with the Subject
jhmjesus
do-not-reply at jboss.com
Wed Apr 18 08:50:21 EDT 2007
It assumes this context:
1.One ejb jar with one X Stateless .
2.Another ejb jar with Y Stateless.
3.The Security Domain is the same for both.
Well, the login was made for client with user A. At this moment was performed one method of the X Stateless. In the sequence client perform another method in Y Stateless. The Subject is OK.
The client made the logout.
Now the client made the login with user B perform the same method in X Stateless. After this it executed the same method in Y Stateless. At this moment the Subject is of user A.
I'm using isValid(principal,credential,subject) SecurityAssociation method to retrieve the Subject. In my jboss-service.xml JAAS Security Manager configuration the attribute is DefaultCacheTimeout = 0 and DefaultCacheResolution = 0.
What's the problem??? Why the user A Subject still exists in the EJB Container after the first logout.
My environment:
-OpenSuSE Linux version 10.0
-JDK vesion 1.5.0_06
-JBoss-AS version4.0.4.GA
-EJB3 RC9FD+Patch.
Thaks a lot.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4038361#4038361
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4038361
More information about the jboss-user
mailing list