[jboss-user] [Security & JAAS/JBoss] - JAAS authentication over several threads

taze1701 do-not-reply at jboss.com
Mon Jun 23 04:35:52 EDT 2008

Hello everybody!

I have got a question concerning sharing a JAAS login over more than one thread. I am using JBoss Security together with Flex Livecycle Data Service. This dataservice uses a Tomcat Valve to authenticate against the realm. The authentication works fine and I can call secured EJBs from within the dataservice.

But: This dataservice creates a pool of threads within JBoss. If another thread is used not the one where the authentication has been performed in the authentication data is lost and I get:
javax.ejb.EJBAccessException: Authorization failure
The difference between the threads is that the SecurityAssocation credential is not set in the other threads.

For beeing able to call the EJBs also within the other threads I have tried to store the Subject which I receive during the Authentication process within the first thread within the Flex Session and use this subject for the EJB call by using Subject.doAs(...). But I get the same exception.

How can I use the authenticated Subject to call a secured EJB even if the authentication has not been performed within the same thread? I do not want to store the users password and call SecurityAssociation.setCredential() in every thread. Can anybody help me?

Thanks in advance,

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4159842#4159842

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4159842

More information about the jboss-user mailing list