Just to explain a little bit further: we have a web-app that stores username and password in session (i know ... that's bad) and inside servlets (jsps) is:
InitialContext lctx = getInitialContext(user, password)
What happenes is that sometimes methods are called with wrong principal.
We don't actually need different principals on single Thread (like the first code). I found that this can be solved by using InitialContextFactory (instead of JndiInitialContextFactory) with multi-threaded="true" inside auth.conf file.
Can anything similar be achieved by using JndiInitialContextFactory?
The JndiLoginInitialContextFactory is outside or inside of the jboss server? Inside the multi-threaded mode is already the default. Outside it would have to be set by calling SecurityAssociation.setServer().
I added a feature request for this option: