[jboss-user] [Security & JAAS/JBoss] - Re: JAAS login/logout behaviour
abille
do-not-reply at jboss.com
Mon Mar 9 06:04:03 EDT 2009
Hello Anil,
well, I introduced a server side method adminService.logout() doing the following operations:
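    import java.util.List;
    import javax.management.InstanceNotFoundException;
    import javax.management.MBeanException;
    import javax.management.MBeanServer;
    import javax.management.MalformedObjectNameException;
    import javax.management.ObjectName;
    import javax.management.ReflectionException;

    public void logout() throws MalformedObjectNameException, NullPointerException, InstanceNotFoundException, MBeanException, ReflectionException {
        final MBeanServer server = org.jboss.mx.util.MBeanServerLocator.locateJBoss();
        final String jaasMgrName = "jboss.security:service=JaasSecurityManager";
        final ObjectName jaasMgr = new ObjectName(jaasMgrName);
        final Object[] params = { "myDomain" };
        final String[] signature = { "java.lang.String" };
        // Principals cached for the security domain before the flush
        @SuppressWarnings("unused")
        List users = (List) server.invoke(jaasMgr, "getAuthenticationCachePrincipals", params, signature);
        server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
        // Principals cached for the security domain after the flush
        users = (List) server.invoke(jaasMgr, "getAuthenticationCachePrincipals", params, signature);
    }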
We called this method before the second login in the previous code. After a second test run with a server that was not restarted, we get the completely odd behaviour that the first call in the adminService.logout() method to "getAuthenticationCachePrincipals" returns a list of both "ln=admin,oce=org_A" and "ln=admin,oce=org_B".
After calling "flushAuthenticationCache" the second call to "getAuthenticationCachePrincipals" returns in fact a zero list.
But oddly this has no effect on the output on the client side ... it still wrongly returns the same principal name two times.
That is, whatever cache the "flushAuthenticationCache" flushes, it does not seem to be the cache where JBoss caches its principals.
Also, a colleague of mine has remarked that we can get a "SecurityAssociation", and the method SecurityAssociation.getPrincipal always returns the correct user, without any need to flush any cache.
However, if the sessionContext.getCallerPrincipal is wrong, are the roles correct?
Secondly, we do think that the client-side code should not be aware of any need to call additional methods simply to flush a cache, which is an implementation detail on the server side ...
Should we file a bug?
Regards,
abille
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4216129#4216129