Kumar,
We are using V3 final without any modification.
It is not easy to describe you the test case since the problem is only intermittent and not predictable.
Normally it start occurring after one day of runtime in our test environment.
When the problem start occurring, sometime 4 web service requests in a row can fail authentication and then the fifth one will
works.
We are not doing volume testing, the server receive only few requests.
To summarize the facts:
- The problem is that glassfish report to be login the good user but then pass another (valid) username and password to the login
module.
- We are using plain text username token authentication
- Web services are implemented on ejb with these annotations (@WebService, @Stateless, @RolesAllowed)
- The problem only occurs for web service
- We are using wsit file to enable the username token authentication
- We are using our own realm and login module that are extending respectively AppservRealm and AppservPasswordLoginModule
- I have followed this blog to create our custom realm
http://blogs.sun.com/nithya/entry/groups_in_custom_realms
- I have first suspected a bug in the custom login module. But log clearly show it is doing its job correctly but _username and
_password member belong to another user.
It is like if _username and _password are sometime not reinitialized in the login module before authenticateUser() is called and
stays at old value.
Any help will be really appreciated.
Thanks.
Vincent Deschenes