Hi, I am using JBoss 4.0.5 GA.
Class [Custom]JaasSecurityManager has a function called isValid which contains this part of code: public boolean isValid(Principal principal, Object credential, | Subject activeSubject) { | [...] | boolean isValid = false; | if (cacheInfo != null) { | isValid = validateCache(cacheInfo, credential, activeSubject); | | //Q1 if (cacheInfo != null) | cacheInfo.release(); | } | | if (isValid == false) | isValid = authenticate(principal, credential, activeSubject); | | [...] | The first question is: line with comment //Q1 - is something changed meanwhile, e.g cacheInfo that it's needed a new check for cacheInfo? ------ In my application I get always relogin at every 30 miuntes. I am already authenticated when at every 30 minutes it relogins. JBoss is let to do its job to destroy everything it needs when the timeout appears. I called a dumpStack to see who's calling the logout every 30 minutes and I got this: 16:37:08,204 INFO [STDOUT] **************AMJBossLoginModule --- logout java.lang.Thread.dumpStack(Thread.java:1158) [packageName].AmJBossLoginModule.logout(AmJBossLoginModule.java:151) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:585) javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) java.security.AccessController.doPrivileged(Native Method) [packageName].LoginContext.invokePriv(LoginContext.java:680) [packageName].LoginContext.logout(LoginContext.java:629) [packageName]CustomJaasSecurityManager$DomainInfo.logout(CustomJaasSecurityManager.java:143) [packageName].CustomJaasSecurityManager$DomainInfo.destroy(CustomJaasSecurityManager.java:176) org.jboss.util.TimedCachePolicy.get(TimedCachePolicy.java:183) [packageName].CustomJaasSecurityManager.getCacheInfo(CustomJaasSecurityManager.java:749) [packageName].CustomJaasSecurityManager.isValid(CustomJaasSecurityManager.java:370) org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123) [...] 16:37:08,392 INFO [STDOUT] **************AMJBossLoginModule --- login So isvalid() calls logout. Then isValid = validateCache(cacheInfo, credential, activeSubject); does not set isValid to true ['cause otherwise it wouldn't had authenticate(principal, credential, activeSubject) again.]. It validates the cache, cacheInfo is released and then it autheticates again although I've been already authenticated 30 minutes ago, and I've been making operation with the application meanwhile. I was thinking it's just the cache mechanism and there is nothing to be done.. The 2nd question is: Can there be done something to get rid of the relogin every 30 minutes? Please advice, thank you. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131850#4131850 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131850 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user