1 Reply Latest reply on May 4, 2004 8:31 AM by jburugupalli

    How to set org.jboss.security.SecurityAssociation.ThreadLoca

    jburugupalli

      Hi All,

      I am having a strange problem.

      When i use the client to autheticate it works fine

      I use the following code in the client

       AppCallbackHandler tAppCallbackHandler = new AppCallbackHandler
       (iUserName, iPassword.toCharArray());
       iLoginContext = new LoginContext("WorkClient", tAppCallbackHandler);
      iLoginContext .login();
      InitialContext(tProperties);
      

      So if run two clients its fine and recognises each of them correctly.

      But i have a servlet which invokes a local EJB with a code as shown below
      InitialContext(tProperties);
      

      with out any logincontext and to my surprise if the client has made any request at least once its assigning the principal and credential of this client to the call which i made with the servlet.
      And when i make the servlet call without any client call before as soon as i start the Jboss it says identity = anonymous as it is an unauthenticated identity. this is fine. But when i make a client call the it is always taking it principal and credential and if the client logsout then the principal and credential of the client are not valid and the servlet call still tries to use them and fail

      as i did some code inspection i found that the
      org.jboss.security.SecurityAssociation.ThreadLocal
      is used to determine if it should share the principal credential for all the threads or only thread specific by definition. if it is correct then can i turn it true or please give me proper guidence regarding this strange problem.

      regards
      jani

        • 1. Re: How to set org.jboss.security.SecurityAssociation.Thread
          jburugupalli

          HI Scott,

          I have found the way to do it. The servlet should use the ClientLoginModule for the clients calling EJBS with in the VM from the login-config.xml. and then i can set the multi-threaded option to true which inturn sets the SecurityAssociation.setServer() thats fine.

          new LoginContext("client-login", Callbackhandler);
          call the login() method
          InitialContext()
          Should work fine

          regards
          jani