Hello,
I have a jsp page from which I change users roles.
The users are authenticated by DatabaseServerLoginModule, using form-based authentication.
This is my jboss-web.xml file:
<?xml version="1.0"?>
<jboss-web>
<security-domain>java:/jaas/ztc</security-domain>
</jboss-web>
I have an entry in the auth.conf for the domain java:/jaas/ztc
and both authentication and authorization work fine.
Anyway, I cannot flush the jaas cache when I change the roles for users. I tried to do that invoking the
refresh()
method in the following class after updating the database with the new set of roles:
package ztc.web;
import javax.management.*;
public class JBossUserCacheRefresher {
public JBossUserCacheRefresher(){
}
public void refresh() throws Exception {
System.out.println("Refreshing user cache... ");
java.util.ArrayList servers =
MBeanServerFactory.findMBeanServer(null);
if (servers.size() != 1)
throw new Exception("Not exactly one server found");
MBeanServer mbeanServer = (MBeanServer) servers.get(0);
String[] params = { "java:/jaas/ztc" };
String[] signature = { "java.lang.String" };
ObjectName name = new ObjectName("Security", "name","JaasSecurityManager");
mbeanServer.invoke(name, "flushAuthenticationCache", params,signature);
System.out.println("... Done");
}
}
It doesn't work, in the sense that the new roles are applied only if I restart JBoss.
Anyway, no exception is thrown and the method returns normally.
This is the MBean configuration:
org.jboss.security.plugins.JaasSecurityManager
I am using JBoss-2.4.4 + Catalina and I have SSL enabled.
Is there a bad configuration or something else ?
Thanks for your attention.
Bye,
Ludovico