You have to establish the client identity on each access to the EJB. What are you doing currently?
>You have to establish the client identity on each >access to the EJB
Sounds good, but i don't know how to do this. I saw that normally, the ClientAuthModule registeres the name/password with SecurityAssociation - a class pooling the authinfo.
So, all my proxy objects (each of which is connected to a jboss-ejb) must share this login info. If multiple proxy-objects (=multiple threads) now access jboss simultaneously and setting their auth-info in SecurityAssociation, a context switch would often give wrong authinfo, or am I wrong here?
The ClientAuthLoginModule has a multi-threaded option to allow the identity binding to be thread specific so that multiple indepdent login identities can be maintained.
Sounds good. I don't know exactly if each RMI remote Object on remote access runs in its own and only thread? Do you know? If this is the case it sounds very promising.