Unfortunately adding this code has not altered my results.
Here is the code I'm executing to clear and update the security manager:
    try
    {
        ArrayList servers = MBeanServerFactory.findMBeanServer(null);
        if (servers.size() != 1)
            throw new ServiceNotFoundException("Should be exactly one mbean server.");
        mbeanServer = (MBeanServer) servers.get(0);
    }
    catch (Exception e)
    {
        // catch any exception from jboss and wrap it in a command exception
        // so that this manager may be used from within the ILS
        throw new CommandException(e);
    }
    ...
    String securityDomain = "ils";
    ObjectName jaasName = new ObjectName("jboss.security:service=JaasSecurityManager");
    mbeanServer.invoke(jaasName, "flushAuthenticationCache", flushParams, flushSignature);
    boolean isValid = new Boolean(mbeanServer.invoke(jaasName, "isValid", validParams, validSignature).toString()).booleanValue();
    System.out.println(">>>>>>>>>>>>>>>> VALIDATION RESULT: " + isValid);
    if(isValid)
    {
        char[] passwordChars = null;
        if( password != null )
            passwordChars = password.toCharArray();
        SecurityAssociation.setPrincipal(user);
        SecurityAssociation.setCredential(passwordChars);
    }
The code above is currently being executed from the exitPoint of my application. Here is what shows up in the log when I run this:
2003-10-02 13:24:02,791 INFO [com.ignite.presentation.servlet.ActionServlet] Complete execute changePasswd for dem181 55A47A08747B525507793BFB0F07F60E time=200ms
2003-10-02 13:24:02,801 INFO [STDOUT] >>>>>>>>>> COMMAND EXECUTION HAS CHANGED THE USER'S CREDENTIAL. ATTEMPT TO UPDATE SECURITY MANAGER
2003-10-02 13:24:02,841 INFO [STDOUT] >>>>>>>>>>>> INVOKED AUTHENTICATION CACHE MANAGER FOR USER: dem181 WITH CREDENTIAL: xxxxxx
2003-10-02 13:24:02,841 INFO [STDOUT] >>>>>>>>>>>>>>>> REMOVING PRINCIPAL: dem181 FROM CACHE: org.jboss.util.TimedCachePolicy@330fb9
2003-10-02 13:24:02,881 INFO [STDOUT] >>>>>>>>>>>>>> PASSWORD TO VALIDATE: xxxxxx
2003-10-02 13:24:02,881 INFO [STDOUT] >>>>>>>>>>>>>> ENCRYPTED TARGET: dad3a37aa9d50688b5157698acfd7aee
2003-10-02 13:24:02,891 INFO [STDOUT] >>>>>>>>>>>>>>>>> INSERTING AUTHENTICATION CACHE ENTRY FOR PRINCIPAL: dem181 WITH CREDENTIAL: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1b56bda
2003-10-02 13:24:02,891 INFO [STDOUT] >>>>>>>>>>>>>>>> VALIDATION RESULT: true
2003-10-02 13:24:02,891 INFO [STDOUT] >>>>>>>>>> AUTHENTICATION CACHE AND SECURITY ASSOCIATIONS HAVE BEEN RESET
2003-10-02 13:24:03,102 INFO [STDOUT] >>>>>>>>>>>>>> PASSWORD TO VALIDATE: zzzzzz
2003-10-02 13:24:03,102 INFO [STDOUT] >>>>>>>>>>>>>> ENCRYPTED TARGET: dad3a37aa9d50688b5157698acfd7aee
2003-10-02 13:24:03,102 DEBUG [com.ignite.appserver.security.EncryptedPasswordLoginModule] Bad password for username=dem181
2003-10-02 13:24:03,112 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=dem181
2003-10-02 13:24:03,112 DEBUG [org.jboss.security.plugins.JaasSecurityManager.ils] Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:147)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:462)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:417)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:244)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:219)
at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:291)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:173)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:536)
Note that the new password 'xxxxxx' appears to be inserted into the security manager and yet the old one 'zzzzzz' is submitted for validation on the next attempt at access.
Is there something fatally flawed in attempting to perform this operation using only the mbean interface? For that matter is there something fatally flawed in attempting to do this from an environment which is essentially outside the context of an ejb method invocation?
Thanks for the continued aid.
- Dan
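
The sequence in the log above can be reproduced with a JDK-only model, added here as an example that is not part of the original post and is not JBoss code. `ToyAuthCache`, its `storePassword` helper, the object name `demo.security:service=ToyAuthCache` and the plain-string password store are hypothetical stand-ins (Java 7 or later assumed); it shows the `invoke` parameter and signature arrays, and that a server-side flush does not help a caller that keeps resubmitting the old password.

```java
import java.lang.management.ManagementFactory;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.ObjectName;

public class AuthCacheFlushDemo {
    // Hypothetical stand-in for a caching security manager MBean (not a JBoss class).
    public interface ToyAuthCacheMBean {
        void flushAuthenticationCache(String domain, String user);
        boolean isValid(String domain, String user, String password);
    }

    public static class ToyAuthCache implements ToyAuthCacheMBean {
        private final Map<String, String> store = new HashMap<>(); // user -> current password
        private final Map<String, String> cache = new HashMap<>(); // domain/user -> last validated password

        public void storePassword(String user, String password) { store.put(user, password); }

        public void flushAuthenticationCache(String domain, String user) {
            cache.remove(domain + "/" + user);
        }

        public boolean isValid(String domain, String user, String password) {
            String key = domain + "/" + user;
            if (password != null && password.equals(cache.get(key))) return true; // cache hit, store not consulted
            boolean ok = password != null && password.equals(store.get(user));
            if (ok) cache.put(key, password); // only successful logins are cached
            return ok;
        }
    }

    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName name = new ObjectName("demo.security:service=ToyAuthCache"); // constructed name
        ToyAuthCache mbean = new ToyAuthCache();
        server.registerMBean(mbean, name);
        String s = String.class.getName();
        String[] flushSig = { s, s }, validSig = { s, s, s };
        Object[] oldCred = { "ils", "dem181", "zzzzzz" }, newCred = { "ils", "dem181", "xxxxxx" };

        mbean.storePassword("dem181", "zzzzzz");
        System.out.println("initial login (old): " + server.invoke(name, "isValid", oldCred, validSig));
        mbean.storePassword("dem181", "xxxxxx"); // the password change
        System.out.println("before flush (old):  " + server.invoke(name, "isValid", oldCred, validSig));
        server.invoke(name, "flushAuthenticationCache", new Object[] { "ils", "dem181" }, flushSig);
        System.out.println("after flush (new):   " + server.invoke(name, "isValid", newCred, validSig));
        System.out.println("after flush (old):   " + server.invoke(name, "isValid", oldCred, validSig));
    }
}
```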