[jboss-user] [Security & JAAS/JBoss] - User does not logout after performing logout

hero79 do-not-reply at jboss.com
Wed May 30 05:16:59 EDT 2007


Hi,

I'm performing login via this method:

	public void authenticateUser(String userName, String password)
			throws MBeanServiceIdentitySecurityException
	{
		log.debug("entering authenticateUser");
		subj = new Subject();
		try {
			// JAAS login using the login configuration named by SECURITY_DOMAIN_LC_ID
			lctx = new LoginContext(SECURITY_DOMAIN_LC_ID,
					subj,
					new MBeanServiceIndentityCallbackHandler(userName, password));
			lctx.login();

			IshopPrincipal p = getCurrentUserForMBean();
			log.debug("Authenticated user (Ishop principal id: " + p.getId() + ")");

			// Push subject, principal and credential onto the SecurityAssociation
			log.debug("Adding principal to SecurityAssociation");
			org.jboss.security.SecurityAssociation.pushSubjectContext(subj, p, password);
		} catch (LoginException e) {
			log.error(e.getLocalizedMessage(), e);
			throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
		}
	}

Then I'm calling an EJB method:

	InitialContext ctx = new InitialContext();
	UsersBeanLocalHome home = (UsersBeanLocalHome) ctx.lookup(UsersBeanLocalHome.JNDI_NAME);
	UsersBeanLocal loc = home.create();
	u = loc.selfGetUser();

which is protected by a security role.

Next I'm calling this:

	public void logoutUser() throws MBeanServiceIdentitySecurityException
	{
		log.debug("entering logoutUser");
		assertVars();
		try {
			lctx.logout();
		} catch (LoginException e) {
			log.error(e.getLocalizedMessage(),e);
			throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
		}
		subj = null;
		lctx = null;
	}

Then I'm calling u = loc.selfGetUser(); and the logged-in user is still there. Am I missing something, or is there a bug in JBOSS 4.0.3SP1?

Thanks.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4049633#4049633