[jboss-user] [Security & JAAS/JBoss] - User does not logout after performing logout
hero79
do-not-reply at jboss.com
Wed May 30 05:16:59 EDT 2007
Hi,
I'm performing login via this method:
    public void authenticateUser(String userName,
                                 String password) throws MBeanServiceIdentitySecurityException
    {
        log.debug("entering authenticateUser");
        subj = new Subject();
        try {
            lctx = new LoginContext(SECURITY_DOMAIN_LC_ID,
                                    subj,
                                    new MBeanServiceIndentityCallbackHandler(userName,password)
                                    );
            lctx.login();
            IshopPrincipal p = getCurrentUserForMBean();
            log.debug("Authenticated user (Ishop principal id: "+p.getId()+")");
            log.debug("Adding principal to SecurityAssociation");
            org.jboss.security.SecurityAssociation.pushSubjectContext(subj,p,password);
        } catch (LoginException e)
        {
            log.error(e.getLocalizedMessage(),e);
            throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
        }
    }
Then I'm calling an EJB method:
    InitialContext ctx = new InitialContext();
    UsersBeanLocalHome home = (UsersBeanLocalHome) ctx.lookup(UsersBeanLocalHome.JNDI_NAME);
    UsersBeanLocal loc = home.create();
    u = loc.selfGetUser();
which is protected by a security role.
Next I'm calling this:
    public void logoutUser() throws MBeanServiceIdentitySecurityException
    {
        log.debug("entering logoutUser");
        assertVars();
        try {
            lctx.logout();
        } catch (LoginException e) {
            log.error(e.getLocalizedMessage(),e);
            throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
        }
        subj = null;
        lctx = null;
    }
Then I'm calling u = loc.selfGetUser(); and the logged-in user is still there. Am I missing something, or is there a bug in JBoss 4.0.3SP1?
Thanks.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4049633#4049633
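
The login/logout sequence from the post, reduced to plain JAAS as an added example (not the poster's or JBoss's code): LoginContext.logout() only runs each login module's logout() against the Subject, so an identity that was pushed separately onto a thread-bound stack is still there afterwards. CALLER is a hypothetical stand-in for such a stack, and DemoModule and the "demo" domain name are constructed for the example.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

public class LogoutDemo {
    // Hypothetical stand-in for a per-thread caller-identity stack.
    static final ThreadLocal<Deque<Principal>> CALLER =
        ThreadLocal.withInitial(ArrayDeque::new);

    // Constructed login module: adds one principal on commit, removes it on logout.
    public static class DemoModule implements LoginModule {
        private Subject subject;
        private final Principal user = new X500Principal("CN=demo-user");
        public void initialize(Subject s, CallbackHandler h,
                               Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login()  { return true; }
        public boolean commit() { return subject.getPrincipals().add(user); }
        public boolean abort()  { return true; }
        public boolean logout() { return subject.getPrincipals().remove(user); }
    }

    public static void main(String[] args) throws LoginException {
        // In-memory JAAS configuration so the example needs no login.config file.
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap<String, Object>()) };
            }
        };
        Subject subj = new Subject();
        LoginContext lctx = new LoginContext("demo", subj, null, cfg);
        lctx.login();
        // Same role as the push after lctx.login() in the post.
        CALLER.get().push(subj.getPrincipals().iterator().next());

        lctx.logout(); // empties the Subject, does not touch the thread-bound stack
        System.out.println("Subject principals after logout: " + subj.getPrincipals());
        System.out.println("Thread-bound caller after logout: " + CALLER.get().peek());

        CALLER.get().pop(); // the symmetric undo that a logout path has to perform itself
        System.out.println("Thread-bound caller after pop: " + CALLER.get().peek());
    }
}
```

In the post's logoutUser(), the call that mirrors pushSubjectContext is SecurityAssociation.popSubjectContext(); whether that alone resolves the poster's case is an assumption, not something the post confirms.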