I have the same Problem with jboss-5.0.1.GA.
Strange is, when i'm doing the loggin in the main method, all is fine, when i'm using a LoginDialog, to get username and Password, i get a EJBAccessException in another Thread
I'm running into this same issue. I am developing remote services for a swing client using JBoss 5.01. The problem does pop up when the the LoginContext login() is called from a thread. We currently have a thread that handles the login, and other threads that handle subsequent calls. Any ideas on how this might be resolved?
Someone I know did mention this could have to do with some data being stored in ThreadLocal on login().
The security information will propagate to the child threads of the parent thread. If you login with the parent thread then the child threads that you start up later should not need to re-authenticate. At least that is what worked for us.
I found the same bug in JBoss 5.1.0GA (bundled with jbosssx-client.jar, version 2.0.3.SP1):
Security context is lost in client (multi-threaded swing) application started via java web start, when I perform ejb3 call on different thread, from which I have performed login() on start of the application (login() was perfomed on thread created by java webstart for calling main() method, this thread has been destroyed after finish of main method). Although I have configured:
Security context is still stored in thread-related storage, what is wrong. After 2 days of remote debugging internals jboss client security library I found problem in static variable SERVER of class org.jboss.security.SecurityContextAssociation, which has declaration:
private static boolean SERVER = true; This value is not changed during the run of client application therefore security context is stored in thread local place. Simple workaround which works is to call method SecurityContextAssociation.setClient() before login() method.
This bug occured in JBoss 5.1.0GA (jbosssx 2.0.3.SP1) there are already bugfixes which could possibly fix it in newer version of security library, e.g.: https://jira.jboss.org/jira/browse/SECURITY-415, I do not know, it is up on the JBoss people to resolve if it is still valid issue to solve.