Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: JBossPOJOServer-1.0 Alpha, JBossAS-3.2.7 Final, JBossAS-4.0.1 SP1, JBossAS-4.0.2RC1
Affects Version/s: JBossAS-3.2.6 Final
Component/s: Security
Labels:
None

SFDC Cases Counter:
SFDC Cases Links:

Description

During the deployment of a message driven bean, the container creates a connection to the message queue using the user/pwd provided by the deployment descriptor. The authenticated subject created by this operation is bound to the current thread (via the security association class) using a ThreadLocal.

The thread that deploys components existing in the deploy directory at startup is the "main" thread. This means that the "main" thread has a security association. This security association (meaning the Subject bound to the thread by a ThreadLocal) is then copied to every other thread created by JBoss, including the the HTTP processor threads, class loader threads, etc.

The very first time the application is accessed using one of the HTTP processor threads, it has the security association create the jms login. Once the processor thread has processed one request, the security association is cleared and functions normally.

A partial workaround is to not deploy the MDBs until after JBoss has finished starting up. This prevents the jms-connection user security association from being inherited by the HTTP processor threads.

Attachments

Activity

People

Assignee:: Scott Stark (Inactive)

Reporter:: Eugene Clark (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 2005/01/24 2:15 PM

Updated:: 2005/02/09 8:02 PM

Resolved:: 2005/01/25 2:06 AM