I use this config from MDBs that login in onMessage(), perform secured calls to EJBs, then logout. I set it up to with "multi-threaded"=true to prevent another MDB from logging out a shared JAAS LoginContext. Is this a correct use of this attribute?
Anyway, a side note I've seen is this that I never get an authentication cache hit?! Every MDB.onMessage() hits my configured LoginModules and never sees the cache. And, yes, I've read Chapt 8... but found nothing to help troubleshoot my problem.
Thanks
<!--
CTMS-server-security-domain
ClientLoginModule tells JBoss to pass security context along
with the request. This is necessary for server-side in-VM
services such as MBeans to login and call secured EJBs.
See org.jboss.security.ClientLoginModule Javadoc for more
information on configurable module-option(s).
The multi-threaded=true module-option tells JBoss to store the
login information in a separate ThreadLocal, so there is no
shared data across multiple threads.
JDBCLoginModule tells JBoss to check against security tables
for authentication information.
-->
<application-policy name="CTMS-server-security-domain">
<authentication>
<login-module code="cdot.jboss.JDBCLoginModule" flag="required">
<module-option name="ds-jndi-name">java:/OracleDS</module-option>
<module-option name="principals-query">SELECT PASSWORD_TXT FROM SECURITY_USER WHERE TYPE_SECURITY_STATUS_CD = 1 AND USER_NAME_TXT=?</module-option>
<module-option name="roles-query">SELECT GROUP_NAME_TXT, ROLE_NAME_TXT FROM V_ROLES WHERE USER_NAME_TXT = ?</module-option>
</login-module>
<login-module
code="org.jboss.security.ClientLoginModule"
flag="required">
<module-option name="multi-threaded">true</module-option>
</login-module>
</authentication>
</application-policy>