Well, the only solution we have found after two days ... was to create a dummy principal (invisible to anyone) with full privileges on the client side that does what the JBoss guest was supposed to do.
It seems this problem was related to the fact that Tomcat does not delete credentials (?) from a thread that served a request. Whenever a request required authentication, things worked normally. If, however, a request did not require authentication, as in the case of a client site, the credentials from the last served request remained and confused the system.
This problem seems to have been solved in JBoss 3.2.3 when we tried it.
There are several posts in the Security & JAAS forum that describe this problem.
There has been a patch for the credential leak for jboss-3.2.1_tomcat-4.1.24.zip since 2003-05-04. Patch description:
Sorry about that, just a test reply,.... απάντηση
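The credential carry-over described in this thread, reproduced as an added example that is not part of the original posts and is not JBoss or Tomcat code. It assumes a plain `ThreadLocal` named `CALLER` as a stand-in for the container's per-thread security association and a single-thread executor as a stand-in for a reused request thread; the handler names are hypothetical.

```java
import java.util.concurrent.*;

// Added illustration, not JBoss or Tomcat code. CALLER is a hypothetical
// stand-in for the per-thread security association discussed in the thread.
public class ThreadCredentialLeak {
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();

    // Leaky handler: binds the principal for authenticated requests, never unbinds it.
    static String handleLeaky(String user) {
        if (user != null) CALLER.set(user);
        return effectiveCaller();
    }

    // Hardened handler: clears the thread's identity on entry and on exit.
    static String handleClean(String user) {
        CALLER.remove();                 // drop anything a prior request left behind
        try {
            if (user != null) CALLER.set(user);
            return effectiveCaller();
        } finally {
            CALLER.remove();             // never hand the thread back with an identity bound
        }
    }

    // Unauthenticated requests are expected to run as "guest".
    static String effectiveCaller() {
        String c = CALLER.get();
        return c == null ? "guest" : c;
    }

    public static void main(String[] args) throws Exception {
        // One worker thread models a pooled request thread being reused.
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            // Constructed request sequence: an authenticated request, then an anonymous one.
            System.out.println("leaky admin request -> " + pool.submit(() -> handleLeaky("admin")).get());
            System.out.println("leaky anon request  -> " + pool.submit(() -> handleLeaky(null)).get());
            pool.submit(() -> { CALLER.remove(); }).get();   // reset the thread between the two demos
            System.out.println("clean admin request -> " + pool.submit(() -> handleClean("admin")).get());
            System.out.println("clean anon request  -> " + pool.submit(() -> handleClean(null)).get());
        } finally {
            pool.shutdown();
        }
    }
}
```

With the leaky handler the anonymous request inherits the identity left on the thread by the previous request; the hardened handler clears it in a `finally` block so the anonymous request falls back to guest.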