Warning: dont do what we did, it broke things badly, making it possible for identity switches to occur mid-flight. The problem is with the shared use of the CallbackHandler (SecurityAssociationHandler). JaasSecurityManager uses the same instance of the handler to transfer principal/credentials back and forth between incoming calls to authenticate and the configured login modules. At the very least, defaultLogin(principal, crendential) needs to be synchronized, unless JAASSecurityManager is changed to create a new instance of the CallbackHandler for each request.
cheers craig <a href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3825011#3825011">View the original post</a> <a href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3825011>Reply to the post</a> ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user