smbd,
You were never completely clear as to what the authentication cache contained.
However, now I know for sure.
You also have not been completely clear about your security domain config for
the Client. Please be more specific about this configuration, as well as how
your client initiates
The client auth.conf file contains
MySecurityDomain {
my.package.ClientSideLoginModule required ;
};
It is a simple single-threaded test application. I didn?t use ?useFirstPass? so
I just copied the SecurityAssociationActions class to my package ? not a good
thing, I?ll change it later.
Smbd,
It would be a good idea to see what the authentication cache contains. So log
a user into your client, and then access a secured EJB (thus causing the server
login). Then using jmx-console inspect the contents of the authentication
cache. It is in mbean
j2ee_junkie,
As I?ve told earlier:
1) I use an EJB. getAuthenticationCachePrincipals() returns [admin]
2) I log out. By timeout or by flushAuthenticationCache(). No other way.
getAuthenticationCachePrincipals() returns [] (empty list)
3) I login again (call an EJB).
So far as I can see, the best way is to follow the code you mentioned earlier
at http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials. I would
like to see what others on this forum have to offer on this subject.
View the original post :
It seems like the code from
http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials doesn't work
as I wrote in my previous posts! Or, I hope I've done something wrong. Anyway,
I faced the situation that there is no authenticated subject but the
credentials provided by the client are
Flushing the server authentication cache triggers a logout on the associated
login modules.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3925106#3925106
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3925106
Thank you for your replying, Scott. Logout is called when flushing the
authentication cache, I?ve checked it :).
The problem it that this cache seems not to be flushed completely, i.e. the
credentials remain cached!
For example, I login to the server, perform some actions. Then I flush the
Yes, I think this can help.
But how can I logout from the server? Calling the logout() method at client
side doesn't logout the user from the server. It calls only
ClientSideLoginModule's method and is not propagated to JBoss. My
ServerSideLoginModule?s logout() method is called only in 7)g)
Another interesting notice.
When I flush the credentials for my security domain via JMX-console the
authenticated user (its principal name) disappears from the list of cached
principals (using getAuthenticationCachePrincipals).
But when aftr that I try my test (calling EJB#1 and EJB#2 methods)
smbd,
Thank you for giving this one more try. You have explained your situation much
better. I really think you problem stems from the fact that you do not log
your users out of system when client is closed. Especially since your
principals have moving credentials.
cgriffith
View the
There is no error and no stack trace :)
The credential for login is the finger print. It is slightly different every
next time and a special third party library deals with the comparing math. But
this comparison takes a long time that is acceptable only once ? in the
LoginModule?s login()
smbd,
Could you please submit more details. We have no info about your client, what
your login-configuration is, how the authenticated Principal is being
propagated to AS, and as Scott suggest, we need TRACE level logging of the
authentication process to see what is going on.
Also, I believe
I?ll try to be more clear.
The client uses a custom client login module, because ClientLoginModule doesn?t
send ObjectCallback. This custom client login module uses SecurityAssociation.
The client logins to the server (actually only to the client side login module)
and calls two security
smbd,
Thanks for trying to be more clear about your situation. However, I am still
having trouble. You still have told us very little about your client and the
login-config of server. So let me try to repeat the situation back to you to
see if I understand.
First though, I want to point
Print a stack trace to illustrate who is calling the login module.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3918597#3918597
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3918597
16 matches
Mail list logo