[jboss-user] [Security & JAAS/JBoss] - sessionDestroyed && home.create

polymedes do-not-reply at jboss.com
Fri Jul 28 11:17:53 EDT 2006

I've got a problem logging out the currently logged on user. I have a javax.servlet.http.HttpSessionListener in my web application, declared as 


in web.xml

Inside the sessionDestroyed event handler I call this code:
public void sessionDestroyed(HttpSessionEvent se)  {
		if (activeSessions > 0)

		try {
			MyServiceLocal iface = BeanLocator.getInstance().getMyService();

			if (iface!=null)
				iface.logoutCurrentUser( (String)se.getSession().getAttribute("my.current.user") );

		} catch (Exception ex) {
			System.out.println("XTYPHSE PALI TO MPOYRDELO! " + ex.getClass().getName());



I have an error "javax.ejb.AccessLocalException" in the line:
MyServiceLocal iface = BeanLocator.getInstance().getMyService();

The error fires when home.create() is called:
public MyServiceLocal getMyService() {
  try {
    home = (MyServiceLocalHome) ctx.lookup("my.jndiName");

    //home is ok here, but calling create() will throw an AccessLocalException
    return home.create();
  } catch (...) {...}

The interface for the bean "MyService" is generated with option @ejb.permission view-type="all" unchecked="true"

The security domain is defined ("myApp" in jboss-web.xml and in jboss.xml)

My login-config.xml contains the following:
    <application-policy name = "myApp">
	  <login-module code = "my.login.MyLoginModule" flag = "required">
		  <module-option name="unauthenticatedIdentity">nobody</module-option>

	  <!-- Add this line to your login-config.xml to include the ClientLoginModule propogation -->      
	  <login-module code="org.jboss.security.ClientLoginModule" flag="required">
		<module-option name="unauthenticatedIdentity">nobody</module-option>

What is the problem? How can I logout the user (ie mark the user "clean" in the database), ON session destroy?

Any help will be much appreciated

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961588#3961588

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3961588

More information about the jboss-user mailing list