3 Replies Latest reply on Oct 29, 2013 8:29 AM by sowa

    Unexpected switching of users

    sowa Newbie



      I've got a strange problem:

      A web app is running on EAP 5.1 together with EJB 2.x.

      I've also got a Java client connecting to the EJB using org.jboss.security.jndi.JndiLoginInitialContextFactory.


      The web app works fine until I run the Java client (which uses credentials from some prop file).


      The web app uses some additional authorization stuff (let's call it the rights checker), which in fact checks roles from the SecurityAssociation.getSubject object.

      The problem is that after running the Java client, the web app calls the rights checker, which gets a bad principal name (instead of the web username it gets the username used by the Java client), and in addition the subject object is null.

      The problem seems to be quite random; I mean I'm not able to get it every time after running the Java client. Sometimes I need to run the Java client a couple of times.

      But when I hit this situation and refresh the page using F5, I'm able to get the correct principal name and the subject is not null.


      So, some conclusions:

      The user is using the web app, then he manually starts the Java client in the background; after the Java client finishes, the user tries to use the web browser and hits the problem. Then he presses the refresh button and the app works correctly again. But he can try pressing refresh many times and hit the problem many times (it is random).


      Any ideas?