1 Reply Latest reply on May 4, 2004 8:31 AM by Janardhan Burugupalli

    How to set org.jboss.security.SecurityAssociation.ThreadLoca

    Janardhan Burugupalli Newbie

      Hi All,

      I am having a strange problem.

      When i use the client to autheticate it works fine

      I use the following code in the client

       AppCallbackHandler tAppCallbackHandler = new AppCallbackHandler
       (iUserName, iPassword.toCharArray());
       iLoginContext = new LoginContext("WorkClient", tAppCallbackHandler);
      iLoginContext .login();
      InitialContext(tProperties);
      

      So if run two clients its fine and recognises each of them correctly.

      But i have a servlet which invokes a local EJB with a code as shown below
      InitialContext(tProperties);
      

      with out any logincontext and to my surprise if the client has made any request at least once its assigning the principal and credential of this client to the call which i made with the servlet.
      And when i make the servlet call without any client call before as soon as i start the Jboss it says identity = anonymous as it is an unauthenticated identity. this is fine. But when i make a client call the it is always taking it principal and credential and if the client logsout then the principal and credential of the client are not valid and the servlet call still tries to use them and fail

      as i did some code inspection i found that the
      org.jboss.security.SecurityAssociation.ThreadLocal
      is used to determine if it should share the principal credential for all the threads or only thread specific by definition. if it is correct then can i turn it true or please give me proper guidence regarding this strange problem.

      regards
      jani