JBoss is caching security credentials, so you must flush the cache. This can be done using JMX. If you search this forum i'm pretty sure you'll find a code sample of how to do that.
Thank you, I hope to find this forum to resolve my problem.
Thank you for you suggestion.
Hi, I had the same problem.
The reason is that when Tomcat authenticates, the login info is stuck to the thread, NOT the session. The thread pool does reuse mechanism des the rest....
I found a solution in:
Anyway, I'd like to know if someone used another method, maybe more "automatic". For instance, configure JBoss to attach Jaas security to each session "instead" each thread...
Thanks in advance.
I'm afraid you didn't understand the article you are refering to. The article is about using custom _non-standard_ web security (the "write it all yourself approach").
When you are using normal standard web security, specifiying security constraints in web.xml and jboss-web.xml, of course different security contexts are managed correctly by jboss/jetty/tomcat.
So what you are asking for, "automatic attaching security to sessions", it is already there.
Moreover, the problem mentioned in the original post is a typical caching problem and has certainly nothing to do with thread pooling etc.