OK, here is something that hasn't really been made clear on any posts I have read in this forum. If you want to use Tomcat with the clientloginmodule on the client side and want the server side to log you in using a databaseservermodule you have to perform the jaas client login and logout every time you send a request for a page.
If you do not do this it will lead to unpredictable results. The JBoss login module ClientLoginModule has an optional parameter for multi-threaded behaviour. If this parameter is set to false, the login will be global, meaning that the same user credentials will be associated with any request. This can for example lead to all users sharing the identity of the user who last logged in. When set to true, user credentials will be associated with a particular thread, leading to a user not being logged in or unexpectedly changing identify. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3831427#3831427 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3831427 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user