-
1. Re: Wrong SECURITY_PRINCIPAL
tineq Oct 25, 2005 7:37 AM (in response to tineq)Just to explain a little bit further: we have a web-app that stores username and password in session (i know ... that's bad) and inside servlets (jsps) is:
InitialContext lctx = getInitialContext(user, password)
...
lctx.lookup(...)
...
lctx.lookup(...)
What happenes is that sometimes methods are called with wrong principal.
We don't actually need different principals on single Thread (like the first code). I found that this can be solved by using InitialContextFactory (instead of JndiInitialContextFactory) with multi-threaded="true" inside auth.conf file.
Can anything similar be achieved by using JndiInitialContextFactory? -
2. Re: Wrong SECURITY_PRINCIPAL
starksm64 Dec 5, 2005 1:53 PM (in response to tineq)The JndiLoginInitialContextFactory is outside or inside of the jboss server? Inside the multi-threaded mode is already the default. Outside it would have to be set by calling SecurityAssociation.setServer().
I added a feature request for this option:
http://jira.jboss.com/jira/browse/JBAS-2523