2 Replies Latest reply on Apr 20, 2007 8:55 AM by jhmjesus

    Problems with the Subject

    jhmjesus

      Assume this context:

      1. One EJB jar with one X Stateless.
      2. Another EJB jar with Y Stateless.
      3. The Security Domain is the same for both.

      Well, the client logged in as user A. At this moment one method of the X Stateless was performed. Next, the client performed another method in the Y Stateless. The Subject is OK.

      The client logged out.

      Now the client logged in as user B and performed the same method in the X Stateless. After this it executed the same method in the Y Stateless. At this moment the Subject is that of user A.

      I'm using the isValid(principal,credential,subject) SecurityAssociation method to retrieve the Subject. In my jboss-service.xml JAAS Security Manager configuration, the attributes are DefaultCacheTimeout = 0 and DefaultCacheResolution = 0.

      What's the problem? Why does the user A Subject still exist in the EJB Container after the first logout?

      My environment:
      - OpenSuSE Linux version 10.0
      - JDK version 1.5.0_06
      - JBoss-AS version 4.0.4.GA
      - EJB3 RC9FD+Patch.

      Thanks a lot.