[jboss-user] [Security & JAAS/JBoss] - Re: java.lang.SecurityException: Insufficient method permiss
ragavgomatam
do-not-reply at jboss.com
Mon Jan 21 08:19:17 EST 2008
In your HttpSessionListener, you have a sessionDestroyed() which in turn calls cleanUp(int id). In the cleaUp() call is made to ejb with an expired Principal . What happens is that when HttpSession times out, the Principal is cleared from Http session cache by jboss. So at that moment any calls to ejb's is made with an empty Principal resulting in the exception.
Can you use the Principal from the request instead ? request.getPrincipal() should geive you the Principal from HttpRequest. Check if it null & then do what you want instead.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121832#4121832
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4121832
More information about the jboss-user
mailing list