I have to come up with a problem we have since we use jboss (2.2.2 till now 2.4.1a).
We have an application which consist of a server, a web-application (call it A) which authenticates using the SecurityDomain mechanism and another web-application (B) which logs into the server unsing a LoginContext().
With A a SecurityException (principal=null) occures sporatically manly when the user doesn't send a request for a few minutes but before sessiontimeout is reached.
With B the same exception occures more often. It consists of two requests. The first request logs into the server and creates a statefull SessionBeans (which itself creates Session- and EntityBeans) the second request useses this beans. The second request often failed untill Version 2.4.1(a) and fails everytime with JBoss 2.4.1a. I found out that the second request works everytime when I do a myLoginContext.login() just before the first call to my SessionBean.
Unfortunately I'm not able to make this call in Servlet A as long as I do not start using a LoginContext.
Do I really have to call myLoginContext.login() for each request, or is it a bug (or a feature ;-) )?