[JBoss-user] [Security & JAAS/JBoss] - logout with multiple credentials.

Fri, 05 Mar 2004 09:22:53 -0800 

Hi.

I'm having a rather odd and difficult problem, so please forgive me if the following 
is not understandable.

We have a custom login module which works as follows:

When a user logs in, the module goes to an external server and retrieves a ticket.  
This ticket is now set as this users credential, and once a user has a ticket it is 
this ticket which our login module uses for authentication.  Everything works fine 
until this user logs out and logs back in.  Upon logging in again, he receives a new 
ticket which becomes his new credential.

If this user then tries to call an EJB, The JaasSecurityManager attempts to validate 
this user against it's cache (I'm using the default TimedCachePolicy) but it finds 
that the credential does not match what it has cached and so removes it from the 
DomainInfo cache, destroys it, and adds it back to the cache.  The process of 
destroying it uses LoginContext.logout() which goes through the entire JAAS stack and 
calls our custom logout so now the currently active principal is Null and the EJB call 
will fail as there is no principal and therefore no group.

Once this initial EJB call fails, all subsequent calls are OK as the DomainInfo cache 
is up to date.

My question is: Why does the DomainInfo object call the LoginContext.logout() when it 
destroys itself?  Is there a way for me to remove the DomainInfo object from the 
JaasSecurityManager cache when I do the logout (when I look through the code, I don't 
think so...)?

Once again, I apologize if this post is unintelligible.  We seem to have an extremely 
complex Authentication system and now that I'm trying to work it into the JAAS 
framework, I'm in a little bit over my head.

thanks.

Pete.

          

<a 
href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3824412#3824412";>View 
the original post</a>

<a 
href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3824412>Reply 
to the post</a>


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to