-
1. CMR and too many parameters in delete sql statement
Hi,
I'm sure this issue has been adressed somewhere, but I just could not find it.
I have a problem with Sybase and CMR. Sybase does not like to have more than 300 parameters in one SQL statement. When I delete many CMR relations inside one transaction it fails because generated delete statement has too many parameters.
For example code like this:userTransaction.begin(); UserLocal ul = getUser(); GroupLocal parent = getParentGroup(); Iterator gIter=parent.getChildGroups().iterator(); while (gIter.hasNext()) { GroupLocal gl=(GroupLocal) gIter.next(); ul.getGroups().remove(gl); } userTransaction.commit();
Generated SQL statement is something like "DELETE FROM user_group_member WHERE (fk_user=? AND fk_group=?) OR (fk_user=? AND fk_group=?) OR (fk_user=? AND fk_group=?) OR ..." and so on.
Is there a way to limit the amount of parameters in one DELETE statement and run multiple smaller statements instead of one big statement?
Br,
Pekka -
2. Re: Refresh user roles
In 2.4+ there is a flushAuthenticationCache(String securityDomain) method on the org.jboss.security.plugins.JaasSecurityManagerServiceMBean that can be used to flush any security domain cache.
-
3. Re: Refresh user roles
Per http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ even if you flush authentication caches, ( how do you achieve this without tampering on
jboss source? ) clients still have principal/credentila information stored. And they will use it on the next EJB invocation.
Is there a way to workaround the above problem as well? -
4. Re: Refresh user roles
> In 2.4+ there is a flushAuthenticationCache(String
> securityDomain) method on the
> org.jboss.security.plugins.JaasSecurityManagerServiceM
> ean that can be used to flush any security domain
> cache.
How do I call this method at runtime? -
5. Re: Refresh user roles
I have exactly the same problem. I am thinking about writing a custom LoginModule that subclasses UsernamePasswordLoginModule, as described in http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html, but I don't know if this would even solve the problem. I think it would, but I don't know if the Roles are being cached *inside* the DatabaseServerLoginModule, or somewhere *outside* of it. Does anyone know?
-
6. Re: Refresh user roles
I do call the flushAuthenticationCache method like this. There possibly is a better way, but this is my first try to work with JMX, however it works for me.
import javax.management.*; ... java.util.ArrayList servers = BeanServerFactory.findMBeanServer(null); if (servers.size() != 1) throw new EJBException("Not exactly one server found"); MBeanServer mbeanServer = (MBeanServer) servers.get(0); String[] params = { "yourSecurityDomainName" }; String[] signature = { "java.lang.String" }; try { ObjectName name = new ObjectName("Security", "name", "JaasSecurityManager"); mbeanServer.invoke(name, "flushAuthenticationCache", params, signature); } catch (Exception e) { e.printStackTrace(); throw new EJBException(e); } -
-
8. 3823986
I tried lothar's code to flush the authentication cache, and it worked! I used it from within a servlet that is updating the user roles in the database, and now the user roles are truly dynamic. As a minor note, there was one typo - BeanServerFactory should be MBeanServerFactory. Also, the javax.management package is located in <jboss-home>/lib/jmxri.jar.
-
9. 134431
> The code does work...to some extent. It looks like,
> after flushing, existing users either lose their
> security context, or JBoss logs in previous users as
> 'nobody' on the users' behalf. The reason I believe
> JBoss uses 'nobody' is that I see "User 'nobody'
> authenticated" in the console. Note that I'm using
> DatabaseServerLoginModule and 'nobody' as the
> unauthenticatedIdentity.
>
The 'nobody' message is actually caused by a message driven bean logging in. Silly me. Please ignore this 'nobody' nonsense.
Here is a more detailed scenario that describes the problem I see here. I use a message driven bean to flush the cache once it receives a message from another entity bean. Say I logged in from a web application successfully (I'm running JBoss 2.4.3-Tomcat 4.0). Then, I use an EJB client to force the entity bean to send a message to the message driven bean. Now the JBoss realm is flushed. Then I go back to the logged in session in web browser. When I access a link that I have roles to access, I got "HTTP 403 (Forbidden) - You are not authorized to view this page" error.
Any help?