[jboss-user] [Security JAAS/JBoss] - Re: Credentials - String or char[]

2007-04-30 Thread sim-smith
I have created a JIRA issue for this: http://jira.jboss.com/jira/browse/JBAS-4384 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4041999#4041999 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4041999

[jboss-user] [Security JAAS/JBoss] - Re: Bug in security cache - 4.0.4.GA

2007-04-30 Thread sim-smith
I have created a JIRA issue for this: http://jira.jboss.com/jira/browse/JBAS-4385 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4042001#4042001 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4042001

[jboss-user] [Security JAAS/JBoss] - Re: JBoss authentication cache problem

2007-04-26 Thread sim-smith
As far as I am aware, it isn't possible. The JBoss caching mechanism doesn't/can't distinguish between where the authentication request comes from - e.g. a new browser session vs. new page request vs. EJB call. You can try setting the timeout to 1 second, which would effectively force every

[jboss-user] [Security JAAS/JBoss] - Re: SecurityAssociaton.getSubject is null

2007-04-26 Thread sim-smith
I don't know specifically about your LoginModule, but to get the logged-in Subject onto the SecurityAssociation stack we need to have two login modules, one is our own custom one, and the other is the JBoss ClientLoginModule. It is the ClientLoginModule that pushes the Subject onto the

[jboss-user] [Security JAAS/JBoss] - Re: Credentials - String or char[]

2007-04-23 Thread sim-smith
I have managed to find a workaround - to use the password-sharing option of the ClientLoginModule to pass the credentials into the ClientLoginModule as a String instead of letting the ClientLoginModule resolve the password itself via a PasswordHandler where the credentials appear as a char[]

[jboss-user] [Security JAAS/JBoss] - Re: The neverending logout topic

2007-04-23 Thread sim-smith
If you are interested, I have an app where this is all working. I use FormAuthentication, and have a logout.jsp that we use for logging out: % // get the current subject and its context within the security realm final javax.security.auth.Subject subject = (javax.security.auth.Subject) new

[jboss-user] [Security JAAS/JBoss] - Re: JAAS integration w/ 3rd party webservice stack

2007-04-22 Thread sim-smith
Hi saspad, I think that the answer is in fact even easier, using standard JAAS: LoginContext loginContext = new LoginContext(JAAS_MODULE_NAME, new UsernamePasswordHandler(username, passwordCharArray)); loginContext.login(); try { // Do stuff here... } finally { loginContext.logout(); }

[jboss-user] [Security JAAS/JBoss] - Re: Bug in security cache - 4.0.4.GA

2007-04-20 Thread sim-smith
jhmjesus wrote : It tries to propagate the caller security context including the ClientLoginModule in your login-config.xml. See at http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ Hi jmhjesus, Thanks for your reply. I understand what is going on here - the setup works for us most of

[jboss-user] [Security JAAS/JBoss] - Credentials - String or char[]

2007-04-19 Thread sim-smith
Hi All, I think that I have found an issue with the representations of Credentials in JBoss - sometimes they are java.lang.String, and other times char[]. (This is for JBoss 4.0.4.GA). In particular, org.jboss.web.tomcat.security.SecurityAssociationValve uses Strings (actually the root

[jboss-user] [Security JAAS/JBoss] - Bug in security cache - 4.0.4.GA

2007-04-19 Thread sim-smith
Hi All, I've found (I think) a reasonably serious problem with JaasSecurityManager in JBoss 4.0.4.GA around caching. It doesn't happen very often but it can result in a logged-out Subject on the stack. The root of the problem appears to be JaasSecurityManager.authenticate(), where it logs on