Shameless bump. I have a situation where the client to JBoss is a multi-threaded server to other clients. It uses two basic JNDI authentications, one on behalf of the clients, and one for itself. The problem is that after it obtains a remote interface using its own authentication, when it logs in on behalf of clients (as guest), it gets a security exception when calling methods on the remote interfaces it has for itself. This is because the SecurityAssociation is scoped to the whole application/JVM.
Ideally it would preserve its context from the time the remote EJB was instantiated. Short of that, however, I'd at least like to get it to scope to threads, as it's likely that it will never act on behalf of clients in the same thread it's using its own remote interfaces. I tried creating two EJB modules in the same EAR with different security domains, and that didn't do the trick. In this setup the guest authentication was isolated to calls to one EJB module and the host authentication to another. Should I even bother to try to put the EJB modules in separate EARs? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3908316#3908316 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3908316 ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user