[jboss-user] [Security & JAAS/JBoss] - Re: java.lang.SecurityException: Insufficient method permiss

carcophan do-not-reply at jboss.com
Mon Jan 21 11:39:36 EST 2008


I tried getting the principal from the request but in my class that implements the SessionListener interface, there is no way of accessing the request, I guess simply because there is no request - only the session. Is there a way of making Tomcat not signalling JBoss that the session has timedout and therefore nulling the Principal?

Is it uncommon to do cleaning up of for eg. certain temporary database tables when an Http Session expires?

Or is there some workaround without having to patch Tomcat or JBoss in order to force it to do what I want?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121893#4121893

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4121893



More information about the jboss-user mailing list