Looking through the examples on how to use JAAS and authenticate into JBoss so that secured EJB's can be invoked it dawned on me it doesn't appear to be multiple user friendly within the same JVM.
For instance if I want to get an EJB MyEJB with a specific subject I use JAAS to login. No where do I see an associated of the subject and the EJB. This means that any thread can then obtain EJB's from JBoss. This is a problem when running on a server environment that serves multiple client requests through another interface.
In other words it doesn't look like I can log into JBoss with two different users in the same JVM at the same time in different threads. Is this a correct assumption?
-
Andrew T. Finnell
The ClientLogin module supports single threaded and multi-threaded modes. See the multi-threaded option description here:
http://www.jboss.org/wiki/Wiki.jsp?page=ClientLoginModule