We solved this problem by extending Thread with a final AuthenticatedThread class. In AuthenticatedThread's constructors, cache a copy of the invocation credentials from the main Thread in the new AuthenticatedThread. In AuthenticatedThread, override run() to ensure that the cached credentials are explicitly set in the new Thread before super.run() gets called. To use AuthenticatedThread, supply a runnable at instantiation.
We accomplished the explicit getting and setting of the invocation credentials using a convenience class supplied with Websphere:
http://www-3.ibm.com/software/webservers/appserv/doc/v35/ae/infocenter/was/05040102.html
From: Gene Chuang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 6:53 PM
Subject: Re: Servlet spawns a new Thread -- needs CORBA security credentials
Whatever credentials you used to lookup EJBObject from Context in the Servlet's main thread, you should use the same credentials to re-lookup the EJBObject again in a spawned thread. I think whats happening is if you pass the same EJBObject reference to a spawned thread, it looses the principal info that's usually stored in ThreadLocal.
Gene
***************************************************************** DISCLAIMER: The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator.
