I have a client Java application running against JBOSS 3.2.3. This application can accept requests from different users, each request is handled using its own dedicated Java thread.

As part of each request, the user supplies their credentials (username and password) which are to be authenticated by JBOSS using JAAS in order to control access to J2EE resources (e.g. EJBs).

Multiple requests must be handled concurrently (i.e. different users can make calls on different threads running at the same time).

Without support for Subject.doAs() in JBOSS, I can't see how I can establish multiple calling identities simultaneously within the same client application. It appears to me that once I have called LoginContext.login() in the application then all threads implictly assume that authenticated identity until either LoginContext.login is called again or LoginContext.logout() is called.

This multithreaded, multi-user approach has worked fine on other AppServers (e.g. WebSphere) that support Subject.doAs().

Any help/advice gratefully received, as this is a major block for adoption of JBOSS on my project.

Thanks

Alan