DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=44209>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=44209 Summary: JAASRealm loses credentials - principal=null Product: Tomcat 5 Version: 5.5.23 Platform: Other OS/Version: Linux Status: NEW Severity: critical Priority: P1 Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I have a tomcat 5.5.23 running on linux machine communicating with EJBs on a Jboss server on another linux machine. I have lots of users connecting on the system and I get lots of errors in the jboss authentication module saying that the principal received from tomcat is null. This occurs after the user has logged in and after he/she successfully managed to call the server multiple times without any problems. It seems that sometimes the tomcat JAAS module loses the principal of the LoginContext. I have not managed to figure out when this happens but when this occurs the user has to logout and login again. I have also noticed something else that is weird. When the above scenario occurs the next user that tries to login is picking up the invalid LoginContext that has a null principal. I managed to reproduce this by doing a LoginContext.login with invalid credentials and tried to access a server function in order to receive an authentication exception from the server. When this happens I do not logout the context. I then try opening a new session with a new browser and accessing a function with @PermitAll only to find out that tomcat picked up the invalid loginContext of the other session and tries to validate the user using the invalid credentials. Any help will be appreciated. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
