[jboss-user] [Security & JAAS/JBoss] - Re: SecurityAssociaton.getSubject is null

sim-smith do-not-reply at jboss.com
Thu Apr 26 18:05:50 EDT 2007


I don't know specifically about your LoginModule, but to get the logged-in Subject onto the SecurityAssocation stack we need to have two login modules, one is our own custom one, and the other is the JBoss ClientLoginModule.  It is the ClientLoginModule that pushes the Subject onto the SecurityAssociation stack upon commit(), and pops on logout() and abort().  Note - make sure that you set restore-login-identity to true for the ClientLoginModule otherwise you get strange behaviour upon cache timeout.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041209#4041209

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041209



More information about the jboss-user mailing list