geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kory Markevich <>
Subject EJB & Web App losing Subject
Date Tue, 14 Jul 2009 18:39:40 GMT

A web app (built with Spring & GWT) we're building is currently having issues
with security and EJBs.  Some calls made by the app to EJBs are throwing
"Unauthorized Access by Principal Denied" exceptions.  Investigating this it
seems that whenever a new thread in geronimo is started to service the call
the auth credentials aren't being copied.  For example, ContextManager.login
is called in thread "http-", and subsequent EJB calls work
correctly.  Some time later a new thread "http-" is created
and the EJB call takes place in it.  Geronimo notices that there isn't a
subject and installs the default subject (using ContextManager.setCallers),
which of course doesn't have the required principals.

I'm assuming the thread spawning is normal though I don't know that.  We do
have another web app, using Spring but not GWT, that is working correctly. 
Both web apps use custom LoginModules, though not the same ones.  Could this
be caused by the web app?  Where could I look to get more information?

View this message in context:
Sent from the Apache Geronimo - Users mailing list archive at

View raw message