Perhaps logout() is not being called? Could you try to call the logout() method from your test code which is using JAAS to log in? I know that you mentioned it's just for testing, but that would give an idea about what might be wrong.
Do you mean to logout from my MBean which does the EJB call?
I do this already. I do the following:
2. instantiate the EJB
3. call the method
5. set EJB to null
It works for a time; after starting the app, the MBean always calls the EJB method with the correct principal. Maybe the error does not happen for a long time.
But suddenly it starts failing and always uses the credentials from another user.
I have some questions and would be glad if you could answer some of them:
Is there another way to force the EJB call to use a certain identity?
Do you have a debug hint with which I can check what's going on?
Is my test login call the correct way to force an unauthenticated identity?
Would pushRunAsIdentity() help me?
Are there known situations where an app running in JBoss can manage it that the container takes the wrong principal/credentials?
Thank you very much
As long as nobody logs in, everything works, but if a user logs in, the MBean suddenly runs with the credentials of that user. If that user logs out, the MBean still tries to use the credentials, but then authentication fails.
pushRunAsIdentity()/popRunAsIdentity() solved my problem, or rather made the problem go away.
I do not really understand why my MBean picked up the identity of another user, but it stopped doing this when I used pushRunAsIdentity().