[jboss-user] [JBossCache] - Relogin after 30 minutes

typsy do-not-reply at jboss.com
Mon Feb 25 09:16:54 EST 2008 

Hi,

I am using JBoss 4.0.5 GA.

Class [Custom]JaasSecurityManager has a function called isValid which contains this part of code:

public boolean isValid(Principal principal, Object credential,
  | 			Subject activeSubject) {
  | [...]
  | 		boolean isValid = false;
  | 		if (cacheInfo != null) {
  | 			isValid = validateCache(cacheInfo, credential, activeSubject);
  | 
  | //Q1                        if (cacheInfo != null) 
  | 				                cacheInfo.release();
  | 		}
  | 
  | 		if (isValid == false)
  | 			isValid = authenticate(principal, credential, activeSubject);
  | 
  | [...]
  | 

The first question is: line with comment //Q1 - is something changed meanwhile, e.g cacheInfo that it's needed a new check for cacheInfo?
------
In my application I get always relogin at every 30 miuntes. 
I am already authenticated when at every 30 minutes it relogins. 
JBoss is let to do its job to destroy everything it needs when the timeout appears.

I called a dumpStack to see who's calling the logout every 30 minutes and I got this:

16:37:08,204 INFO  [STDOUT] **************AMJBossLoginModule --- logout
java.lang.Thread.dumpStack(Thread.java:1158)
[packageName].AmJBossLoginModule.logout(AmJBossLoginModule.java:151)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
java.security.AccessController.doPrivileged(Native Method)
[packageName].LoginContext.invokePriv(LoginContext.java:680)
[packageName].LoginContext.logout(LoginContext.java:629)
[packageName]CustomJaasSecurityManager$DomainInfo.logout(CustomJaasSecurityManager.java:143)
[packageName].CustomJaasSecurityManager$DomainInfo.destroy(CustomJaasSecurityManager.java:176)
org.jboss.util.TimedCachePolicy.get(TimedCachePolicy.java:183)
[packageName].CustomJaasSecurityManager.getCacheInfo(CustomJaasSecurityManager.java:749)
[packageName].CustomJaasSecurityManager.isValid(CustomJaasSecurityManager.java:370)
org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
[...]
16:37:08,392 INFO  [STDOUT] **************AMJBossLoginModule --- login


So isvalid() calls logout. Then 
isValid = validateCache(cacheInfo, credential, activeSubject); 
does not set isValid to true ['cause otherwise it wouldn't had authenticate(principal, credential, activeSubject) again.]. 
It validates the cache, cacheInfo is released and then it autheticates again although I've been already authenticated 30 minutes ago, and I've been making operation with the application meanwhile.

I was thinking it's just the cache mechanism and there is nothing to be done.. 

The 2nd question is: Can there be done something to get rid of the relogin every 30 minutes? 


Please advice, thank you.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131850#4131850

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131850

More information about the jboss-user mailing list