[jboss-user] [Security & JAAS/JBoss] - Flushing the credential cache ==> InstanceNotFoundException

benoitx do-not-reply at jboss.com
Mon Jan 28 10:15:24 EST 2008 

Hi

We're using the DatabaseServerLoginModule but for all intent, when my user decides to change its password, I would like to flush the cache.

We're using JBoss-4.0.5-GA

I'm trying to follow the code on: http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials

Unfortunately, I know very little about MBeans and I seem to get an InstanceNotFoundException everytime on this call:
MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);

Why? The full code is as follows:


  |     private void flushCache(String loginId) {
  |         String domain = "jmx-console";
  |         Principal user = new SimplePrincipal(loginId);
  |         ObjectName jaasMgr;
  |         try {
  |             jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
  |             Object[] params = { domain, user };
  |             String[] signature = { "java.lang.String", Principal.class.getName() };
  |             MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
  |             server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
  |         } catch (MalformedObjectNameException e) {
  |             log.error("Cannot flush", e);
  |         } catch (NullPointerException e) {
  |             log.error("Cannot flush", e);
  |         } catch (InstanceNotFoundException e) {
  |             log.error("Cannot flush", e);
  |         } catch (MBeanException e) {
  |             log.error("Cannot flush", e);
  |         } catch (ReflectionException e) {
  |             log.error("Cannot flush", e);
  |         }
  |     }
  | 

My login-config.xml is

  | <application-policy name="atrium-security">
  | <authentication>
  |     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  | 	<module-option name="unauthenticatedIdentity">misterx</module-option>
  | 	<module-option name="dsJndiName">java:/AtriumDS</module-option>
  | 	<module-option name="principalsQuery">
  | 	    select PASSWORDMD5 from safemarginuser where LOGINID=? and STATE='ACT' and FAILEDLOGIN < 10
  | 	</module-option>
  | 	<module-option name="rolesQuery">
  | 	    select ROLE, 'Roles' from loginrole A, safemarginuser B where B.ID=A.USER_ID and A.CLIENT_ID=B.CLIENT_ID and B.LOGINID=?
  | 	</module-option>
  | 	<module-option name="hashAlgorithm">MD5</module-option>
  | 	<module-option name="hashEncoding">base64</module-option>
  |     </login-module>
  | </authentication>
  | </application-policy>
  | 

My jboss-service.xml (in server/default/conf) is, as far as I can tell, the original one:


  |    <!-- JAAS security manager and realm mapping -->
  |    <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
  |       name="jboss.security:service=JaasSecurityManager">
  |       <!-- A flag which indicates whether the SecurityAssociation server mode
  |       is set on service creation. This is true by default since the
  |       SecurityAssociation should be thread local for multi-threaded server
  |       operation.
  |       -->
  |       <attribute name="ServerMode">true</attribute>
  |       <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
  |       <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
  |       <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
  |       in seconds.
  |       If you want to disable caching of security credentials, set this to 0 to
  |       force authentication to occur every time. This has no affect if the
  |       AuthenticationCacheJndiName has been changed from the default value.
  |       -->
  |       <attribute name="DefaultCacheTimeout">1800</attribute>
  |       <!-- DefaultCacheResolution: Specifies the default timed cache policy
  |       resolution in seconds. This controls the interval at which the cache
  |       current timestamp is updated and should be less than the DefaultCacheTimeout
  |       in order for the timeout to be meaningful. This has no affect if the
  |       AuthenticationCacheJndiName has been changed from the default value.
  |       -->
  |       <attribute name="DefaultCacheResolution">60</attribute>
  |    </mbean>
  | 

The caller of flushCache is a POJO but running from a Stateless Session Bean. Is there a classloader issue?

I am obviously doing something wrong, any pointer/solution/suggestion would be very welcomed!

Thanks!

Benoit

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4124095#4124095

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4124095

More information about the jboss-user mailing list