3 Replies Latest reply on Feb 14, 2006 11:45 AM by elkner

    Server not clearing the user authentication

    sudhirsu

      Hi,

      I have an application deployed on JBoss which makes use of JAAS for security. Both the web and ejb methods of my application are configured to be secured through the web.xml and ejb-jar.xml correspondingly.

      Currently Iam facing an issue wherein the security is working only on the first call and for the subsequent calls it is picking up the old values(of userid etc). I tried setting the value of DefaultCacheTimeout to zero but it backfired because now the principals were not getting passed between the web container and the ejb container resulting in security exception.

      Can someone please tell me how to clear the authentication details between the two logins but it should be retained between the web and the ejb containers?

      Cheers, Sudhir