I am having a problem when we activate security on our JBoss server (using version 2.2!).
We communicate from our client to a stateful session bean, which holds, as a remote reference, another stateful session bean. Everything works well when no security is in force, or while the authentication cache is populated. However, if the client is inactive for 30 minutes or more, so that the authentication cache is cleaed and the stateful session beans have been passivated, we encounter an authentication exception (principal=null) on the second bean, and an rmi exception is returned to the client (NoSuchObject:Could not Activate).
I guess what is happening is that the first session bean is activated, and this causes the second bean to be activated as well. However, as the first bean is in the process of authenticating the user, there is no principal associated with the call to activate the second bean, hence the problem.
Apart from increasing the interval on flushing of the cache or switching off security on the second bean, does anyone have any advice on this problem? Am I off beam on my diagnosis? Any help welcome,
This is a bug in jboss (I use jboss 2.4.3). I posted a bugreport to sourceforge on 31. Jan. 2002 and it will be fixed in jboss 2.4.5.
As workaround I increased the SecurityCaching time and the passivation time.