1 Reply Latest reply on Aug 13, 2008 11:09 AM by ragavgomatam

    EJB invocation occurs over a single thread

    lesclayes

       

      Every EJB invocation goes over a single thread of execution.

      http://www.jboss.com/index.html?module=bb&op=viewtopic&t=123819

      Consider the following http://publicobject.com/2005/04/logging-in-to-web-app-using-jaas-on.html:

      Where does the client-login domain store your login credentials? It associates them with the thread that calls LoginContext.login().
      This means that if you login from a Servlet, you probably won't continue to be logged in on your next HTTP request. Your login() call has authenticated the randomly-selected thread that serviced your first request, which probably won't be the same thread for subsequent requests. Even worse, another random user of your web application will inherit your credentials if they are serviced on your thread.
      Therefore, whenever you call LoginContext.login(), you must also call LoginContext.logout(). On the same thread. Before your request is complete.

      Is this actually true ? I am using Struts 1.3 and Actions in 1.3 are singletons. And I want each activation of the Action to invoke my remote SLSBs under the logined Subject which should never be accidentally shared. Any explanation on this? Thanks

      Les