Hi,

I am using JBoss 4.0.5 GA.

Class [Custom]JaasSecurityManager has a function called isValid which contains 
this part of code:

public boolean isValid(Principal principal, Object credential,
                       Subject activeSubject) {
    [...]
    boolean isValid = false;
    if (cacheInfo != null) {
        isValid = validateCache(cacheInfo, credential, activeSubject);

        if (cacheInfo != null) //Q1
            cacheInfo.release();
    }

    if (isValid == false)
        isValid = authenticate(principal, credential, activeSubject);

    [...]

The first question is about the line with comment //Q1: has something changed 
in the meantime, e.g. cacheInfo, so that a new check for cacheInfo is needed?
------
In my application I always get a relogin every 30 minutes. 
I am already authenticated when it relogins every 30 minutes. 
JBoss is left to do its job of destroying everything it needs to when the 
timeout occurs.

I called a dumpStack to see who's calling the logout every 30 minutes and I got 
this:

16:37:08,204 INFO  [STDOUT] **************AMJBossLoginModule --- logout
java.lang.Thread.dumpStack(Thread.java:1158)
[packageName].AmJBossLoginModule.logout(AmJBossLoginModule.java:151)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
java.security.AccessController.doPrivileged(Native Method)
[packageName].LoginContext.invokePriv(LoginContext.java:680)
[packageName].LoginContext.logout(LoginContext.java:629)
[packageName]CustomJaasSecurityManager$DomainInfo.logout(CustomJaasSecurityManager.java:143)
[packageName].CustomJaasSecurityManager$DomainInfo.destroy(CustomJaasSecurityManager.java:176)
org.jboss.util.TimedCachePolicy.get(TimedCachePolicy.java:183)
[packageName].CustomJaasSecurityManager.getCacheInfo(CustomJaasSecurityManager.java:749)
[packageName].CustomJaasSecurityManager.isValid(CustomJaasSecurityManager.java:370)
org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
[...]
16:37:08,392 INFO  [STDOUT] **************AMJBossLoginModule --- login


So isValid() calls logout. Then 
isValid = validateCache(cacheInfo, credential, activeSubject); 
does not set isValid to true [because otherwise it wouldn't have called 
authenticate(principal, credential, activeSubject) again]. 
It validates the cache, cacheInfo is released, and then it authenticates again 
although I was already authenticated 30 minutes ago and have been performing 
operations with the application in the meantime.

I was thinking it's just the cache mechanism and there is nothing to be done.. 

The 2nd question is: Can something be done to get rid of the relogin 
every 30 minutes? 


Please advise, thank you.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131850#4131850
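
The sequence visible in the stack trace above (an expired cache entry is destroyed on lookup, which triggers logout, after which isValid falls through to authenticate), as an added example that is not part of the original post and is not JBoss source. The class, user name, credential and simulated clock are constructed, and the fixed (non-sliding) expiry is an assumption matching the post's observation that activity did not prevent the relogin.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a timed authentication cache; not JBoss code.
public class TimedAuthCacheDemo {
    // Constructed stand-in for the cached per-principal entry.
    static final class Entry {
        final String credential; final long expiresAt;
        Entry(String credential, long expiresAt) { this.credential = credential; this.expiresAt = expiresAt; }
        void destroy(String user) { System.out.println("  logout  " + user + " (cache entry expired)"); }
    }

    private final Map<String, Entry> cache = new HashMap<>();
    private final long timeoutMs;
    long now = 0;   // simulated clock (ms) so the demo runs instantly
    int logins = 0; // number of full authentications performed

    TimedAuthCacheDemo(long timeoutMs) { this.timeoutMs = timeoutMs; }

    // As in the trace: the lookup itself destroys an expired entry (logout).
    private Entry getCacheInfo(String user) {
        Entry e = cache.get(user);
        if (e != null && now >= e.expiresAt) {
            cache.remove(user);
            e.destroy(user);
            return null;
        }
        return e;
    }

    // Full authentication path; expiry is fixed at insertion (assumption).
    private boolean authenticate(String user, String credential) {
        if (!"s3cret".equals(credential)) return false; // constructed check
        logins++;
        System.out.println("  login   " + user);
        cache.put(user, new Entry(credential, now + timeoutMs));
        return true;
    }

    boolean isValid(String user, String credential) {
        Entry e = getCacheInfo(user);
        boolean valid = e != null && e.credential.equals(credential); // cache hit
        if (!valid) valid = authenticate(user, credential);           // miss or expiry
        return valid;
    }

    public static void main(String[] args) {
        TimedAuthCacheDemo mgr = new TimedAuthCacheDemo(30 * 60_000L); // 30 minutes
        for (int minute = 0; minute <= 65; minute += 5) {              // request every 5 min
            mgr.now = minute * 60_000L;
            System.out.println("t=" + minute + "min valid=" + mgr.isValid("alice", "s3cret"));
        }
        System.out.println("full logins: " + mgr.logins);
    }
}
```

In JBoss 4.x the lifetime of these entries is set by the DefaultCacheTimeout attribute (in seconds) of the JaasSecurityManagerService MBean; a longer value means fewer full logins but a longer window in which a changed or revoked credential is still accepted from the cache.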
