2 Replies Latest reply on Jul 11, 2008 6:45 AM by sebastiendeg

    JAAS authentication over several threads

    taze1701

      Hello everybody!

      I have got a question concerning sharing a JAAS login over more than one thread. I am using JBoss Security together with Flex Livecycle Data Service. This dataservice uses a Tomcat Valve to authenticate against the realm. The authentication works fine and I can call secured EJBs from within the dataservice.

      But: This dataservice creates a pool of threads within JBoss. If another thread is used not the one where the authentication has been performed in the authentication data is lost and I get:
      javax.ejb.EJBAccessException: Authorization failure
      The difference between the threads is that the SecurityAssocation credential is not set in the other threads.

      For beeing able to call the EJBs also within the other threads I have tried to store the Subject which I receive during the Authentication process within the first thread within the Flex Session and use this subject for the EJB call by using Subject.doAs(...). But I get the same exception.

      How can I use the authenticated Subject to call a secured EJB even if the authentication has not been performed within the same thread? I do not want to store the users password and call SecurityAssociation.setCredential() in every thread. Can anybody help me?

      Thanks in advance,
      Taze