2 Replies Latest reply on May 9, 2003 8:27 AM by aweissman

    Difficult Problem - Principal Dissapears Under Load

    aweissman

      I have Tomcat and JBoss running remotely and have implemented a JAAS login mechanism in a Servlet Filter (based on Peter Doorbosch's code) in order to ensure that the calling thread is authenticated with the proper user.

      This is working great: Users are authenticated using LDAPLoginModule when they log in, their credentials are stored in the HTTPSession, the Filter pulls the credentials out and performs a login right before a user accesses a page, the security interceptor in JBoss is recognizing the principal and applies the method level permissions to the EJBs.

      What I have found however, is if this is executed under load, even non heavy load but just at about 5 times a second, a 'principal=null' error creeps in. I have not been able to localize this issue. The Filter is definitely being invoked, the login is succeeeding, but then somewhere either Tomcat is losing the authentication of the thread or JBoss is not recognizing it anymore.

      Has anyone come accross anything like this, or have any advice on how to localize the cause of this issue?

      Thanks so much,
      Alan