[JBoss-user] [Security & JAAS/JBoss] - Re: LoginContext retrieving
reostat - If I recall correctly, this may have something to do with how your code moves you to the next page (I believe "login form") upon clicking the "Logout" button. I'm not 100% sure I had agreed with who ever sent me a response, but I moved on... Again, if I recall correctly, a suggestion had been made to not use the request dispatcher to move you to the next page, but instead use the response object: response.sendRedirect("/"); Where response is of type HttpServletResponse and "/" is where you want to go. The rationale of the suggester, if memory servers, was that the session is still somewhat valid in the context of using the request object after a call to session.invalidate(). good luck hoth256 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3933476#3933476 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3933476 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets & JSP] - Re: Session Invalidate + isUserInRole Issue
Thanks Scott! I have to say you are really on top of things, I see your posts all over these forums. I am able to reproduce the intended behavior in 4.0.2 - the same as 4.0.1sp1. Is this behavior specified in the newer servlet spec? Just wondering why the results were different in JBoss 3.2.5? In any case upon using a response.redirect("/") as you suggest, the roles change. Thanks again! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3893142#3893142 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3893142 --- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets & JSP] - Re: Session Invalidate + isUserInRole Issue
New infomation: I was NOT able to reproduce the issue in [3.2.5 (build: CVSTag=JBoss_3_2_5 date=200406251954)] I am able to reproduce the issue in [4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)] Downloading 4.0.2 right now - wll post the results. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3893010#3893010 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3893010 --- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets & JSP] - Session Invalidate + isUserInRole Issue
Hello this is a duplicate posting of http://www.jboss.com/index.html?module=bb&op=viewtopic&t=67511 (my apologies for the duplicate - but I believe this forum is more apporpriate). Background I'm using j_security_check for form based auth. using a custom login module. Problem: Upon logging in using the custom login module, things work as expected - however, upon logging out by invalidating my session in a "logout" servlet where I use the request dispatcher to take me to the next page, I have things showing up on the page that shouldn't because they are enclosed in isUserInRole blocks. Upon clicking on the logout link again (which, by the way, is one of the things enclosed in a isUserInRole block), things work correctly. I'm fairly certain the page is not being cached. Does the problem have to do with the fact that something having to do with the Principal/Subject is cached in the HttpRequest object (grasping)? I've tried things like creating a new session after invalidating the original. Please help - I've spent way too much time on something as simple as loging a user out. Thanks in advance! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3892983#3892983 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3892983 --- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: LoginContext retrieving
Hello all, I think I might need to get a handle to the LoginContext to logout as well... Background I'm using j_security_check for form based auth. using a custom login module. Problem: Upon logging in using the custom login module, things work as expected - however, upon logging out by invalidating my session in a "logout" servlet where I use the request dispatcher to take me to the next page, I have things showing up on the page that shouldn't because they are enclosed in isUserInRole blocks. Upon clicking on the logout link again (which, by the way, is one of the things enclosed in a isUserInRole block), things work correctly. I'm fairly certain the page is not being cached. Does the problem have to do with the fact that something having to do with the Principal/Subject is cached in the HttpRequest object (grasping)? I've tried things like creating a new session after invalidating the original. Please help - I've spent way too much time on something as simple as loging a user out. Thanks in advance! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3892965#3892965 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3892965 --- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBoss.NET & SOAP] - Re: Pluggable Providers work in 3.2.2 but do not work in 3.2
Correction: In the last post I say that I get an exception in JBoss 3.2.2. Actually, the exception is thrown in JBoss 3.2.3. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3828760#3828760 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3828760 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBoss.NET & SOAP] - Pluggable Providers work in 3.2.2 but do not work in 3.2.3.
Background: Axis provides a way to use pluggable providers - excerpt from org.apache.axis.deployment.wsdd.WSDDProvider (Axis source code) for method: private static void loadPluggableProviders() | /** | Look for file META-INF/services/org.apache.axis.deployment.wsdd.Provider | in all the JARS, get the classes listed in those files and add them to | providers list if they are valid providers. | | Here is how the scheme would work. | | A company providing a new provider will jar up their provider related | classes in a JAR file. The following file containing the name of the new | provider class is also made part of this JAR file. | | META-INF/services/org.apache.axis.deployment.wsdd.Provider | | By making this JAR part of the webapp, the new provider will be | automatically discovered. | */ | Adding the org.apache.axis.deployment.wsdd.Provider file to the META-INF directory in a WSR file use to work in jboss 3.2.2 however it does not seem to work in jboss 3.2.3. I get the following exception when trying to access the services in any way while deployed in jboss 3.2.2: | 17:12:11,096 INFO [EXCEPTIONS] Exception: | org.apache.axis.ConfigurationException: org.apache.axis.deployment.wsdd.WSDDException: | No provider type matches QName | '{http://xml.apache.org/axis/wsdd/providers/java}CustomRPC' | org.apache.axis.deployment.wsdd.WSDDException: | No provider type matches QName | '{http://xml.apache.org/axis/wsdd/providers/java}CustomRPC' | at org.apache.axis.deployment.wsdd.WSDDProvider.getInstance(WSDDProvider.java:205) | at org.apache.axis.deployment.wsdd.WSDDService.makeNewInstance(WSDDService.java:446) | at org.jboss.net.axis.Deployment.getDeployedServices(Deployment.java:233) | at org.apache.axis.configuration.FileProvider.getDeployedServices(FileProvider.java:321) | at org.apache.axis.transport.http.AxisServlet.reportAvailableServices(AxisServlet.java:681) | at org.apache.axis.transport.http.AxisServlet.doGet(AxisServlet.java:262) | . | . | . | Question: Does anyone have any suggestions? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3828732#3828732 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3828732 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user