I am using org.jboss.security.ClientLoginModule for clientside login, All my EJBs are secured under a domain and a custom server login module is
configured in login-config for this domain. On a login request,I call ClientLoginModule's login,then I invoke a bean create which takes me to login of CustomLoginModule, in whose commit
I push my principals and credentials into SecurityAssociation. After the succesful login, I invoke other EJB methods where am able to fetch the principal I pushed into SecurityAssociation. But when the next request comes from GUI, SecurityAssociation is set to null. If any clue why this happens pls help me out.
This isn't a wiki question -try the security forums.
It sounds like you are trying to access the SecurityAssociation in multi-threaded application while using the default per-thread SecurityAssociation policy.