-
1. Re: How do I flush the Jaas auth cache?
starksm64 Oct 18, 2001 4:07 PM (in response to ikestrel)import org.jboss.jmx.interfaces.RMIConnector;
private static void flushAuthCache(String domain) throws Exception
{
String serverName = InetAddress.getLocalHost().getHostName();
String connectorName = "jmx:" +serverName+ ":rmi";
RMIConnector server = (RMIConnector) new InitialContext().lookup(connectorName);
ObjectName jaasMgr = new ObjectName("Security:name=JaasSecurityManager");
Object[] params = {domain};
String[] signature = {"java.lang.String"};
server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
} -
2. Re: How do I flush the Jaas auth cache?
ngandriau Feb 11, 2003 5:13 PM (in response to ikestrel)I tryed this solution but received a bad exception :
javax.management.InstanceNotFoundException: jboss.security:name=JaasSecurityManager is not registered.
......
After a look into jboss-service.xml, I decided to replace "jboss.security:name=JaasSecurityManager" by "jboss.security:service=JaasSecurityManager" and the exception disepared and the cache was flushed.
Hope it help.
Nicolas -
3. Re: How do I flush the Jaas auth cache?
zhan May 28, 2003 2:29 PM (in response to ikestrel)I tried following similar solution to flush the cache, but the strange thing is: it works if I invoke from jboss jmx-console, however, it does not work correctly if I invoke from the code.
Can anybody tell me what's wrong? is it a jboss bug, or am I missing something? here is my flush function, it gets called after I change the user role in database:
public void flushSecurityDomain() throws EMSServerException
{
java.util.ArrayList servers = MBeanServerFactory.findMBeanServer(null);
if (servers.size() != 1) throw new EMSServerException("Not exactly one server found");
MBeanServer server = (MBeanServer) servers.get(0);
String[] params = { "MyDomain" };
String[] signature = { "java.lang.String" };
try
{
ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
System.out.println("After flushAuthenticationCache invoked, domain is" + params[0] );
}
catch (Exception e)
{
e.printStackTrace();
throw new EJBException(e);
}
}
Thanks! -
4. Re: How do I flush the Jaas auth cache?
zhan Jun 6, 2003 7:40 PM (in response to ikestrel)Problem solved!
It looks like this flush function has to be invoked at the last step of bean operation, if I invoke during the middle of the operation, it has some weird behavior. -
5. Re: How do I flush the Jaas auth cache?
sundaram Jul 15, 2003 6:34 PM (in response to ikestrel)hi,
I tried this, its flushing currently logged-in users roles also.
Any other way to flush the cache?
-SR -
6. Re: How do I flush the Jaas auth cache?
kondjboss Aug 28, 2003 6:16 PM (in response to ikestrel)Try this.. this should only flush the user myName
Object[] params = {domain, new org.jboss.security.SimplePrincipal(myName)};
String[] signature = {"java.lang.String","java.security.Principal"};
Thanks,
-AJ -
7. Re: How do I flush the Jaas auth cache?
jkuhn Oct 27, 2003 4:49 PM (in response to ikestrel)I'm running JBoss 3.2.1, and I can't get this code to compile. I must be missing
a jar file or something.
Can somebody tell me where to import the follow classes?:
EMSServerException
MBeanServer
MBeanServerFactory
ObjectName
I am unable to find javax.management.* in any of my jar files. -
8. Re: How do I flush the Jaas auth cache?
juha Nov 1, 2003 8:59 AM (in response to ikestrel)jboss-jmx.jar
-
9. Re: How do I flush the Jaas auth cache?
juha Nov 3, 2003 1:13 PM (in response to ikestrel)Uhm, jmxri.jar is Sun's Reference Implementation.
-
10. Re: How do I flush the Jaas auth cache?
jkuhn Nov 3, 2003 1:23 PM (in response to ikestrel)ok.
Well... it contained the classes I was looking for, and it allowed me to compile.
Anyway, I abandoned that method of clearing the cache.
The problem at hand was that when one person logged in, he got the privs
of the first person that logged in. I discovered that the reason for this was
because the principals of the subject were not being cleared upon logout.
So I'm just making a new loginContext every time I log in, and that gives me
a null subject... problem solved.
Thanks anyway. -
11. Re: How do I flush the Jaas auth cache?
loshsu Feb 12, 2004 1:26 AM (in response to ikestrel)I also tried flushAuthenticationCache() in JaasSecurityManagerService but it's not the cache I want to flush.
After tracing the code a little bit further, I found out the the cache I really needs to flush is inside org.jboss.security.plugins.JaasSecurityManager.
Does this mean I have to customize it so I cound flush the right cache or I missed something important here?
Allen -
12. Re: How do I flush the Jaas auth cache?
starksm64 Feb 12, 2004 1:45 AM (in response to ikestrel)The JaasSecurityManagerService.flushAuthenticationCache operation flushes the underlying JaasSecurityManager associated with the security domain argument, so it is what you want to use.
-
13. Re: How do I flush the Jaas auth cache?
loshsu Feb 12, 2004 4:12 AM (in response to ikestrel)I tried to inject some addtional codes into JaasSecurityManager to trace the cache status. What I expected is after calling JaasSecurityManagerService.flushAuthenticationCache(String securityDomain, Principal user), the cache shouldn't contain the specified usr. But the result shows another story.
1. The flush method is called in vas.fresh.struts.ChangePasswordAction.
2. After that the JaasSecurityManager is called again to to see if it still has the user and it does.
2004-02-12 11:45:19,043 DEBUG [vas.fresh.struts.ChangePasswordAction] flushed: allen
2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] principal: allen, allowRefresh: true
2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] items: [allen]
2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] validateCache, info=Subject
Principal: allen
Principal: Roles(members:FreshAdmin)
,1076557512257
2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] principal: allen, allowRefresh: false
2004-02-12 11:45:26,193 TRACE [vas.common.login.JaasSecurityManager.fresh] items: [allen]
What I can do now is to redue "DefaultCacheTimeout" and "DefaultCacheResolution", so the cache will expire very soon.
But if it can be flushed right away, that will be superb.
Allen -
14. Re: How do I flush the Jaas auth cache?
swankjesse Feb 2, 2005 1:03 PM (in response to ikestrel)Note that this approach does not work in JBoss 3.2.7 (and perhaps earlier versions such as 3.2.5).
See http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials for the latest sample code.