Hi again, I found out that not the access rights were lost but only the username has been overwritten (which we use to get additional information from a database).
I've added support for an unauthenticated identity in our selfwritten ServerLoginModule the same way it's done in the sample LoginModules in JBoss. But the addition of an empty roleset for unauthenticated in the commit() method seems to overwrite the username of the first logged in user in the cache. In already created Stateful SessionBeans the sessioncontext was still ok, but in all stateful SessionBeans created after an unauthenticated access the username in the sessioncontext has been overwritten by anonymous. So I removed the addition of an empty roleset for unauthenticated identity and now it seems to work (hoperfully ;-) ) Is there a known bug in JBoss or in the ServerLoginModules ? Annegret View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3972942#3972942 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3972942 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
