-
1. Re: axis version in upcoming 3.0.1
rickarcmind Feb 24, 2004 8:02 PM (in response to rickarcmind)Hey - NO problem. I am always very grateful of your hard work on this. I'll be patient.
-
2. Re: JBoss SX seems to cache user/roles
rickarcmind Feb 24, 2004 8:42 PM (in response to rickarcmind)I saw this
http://jboss.sourceforge.net/doc-24/ch07s09.html
The example they give seems to set the cache policy.<mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="Security:name=JaasSecurityManager"> <attribute name="SecurityManagerClassName"> org.jboss.security.plugins.JaasSecurityManager </attribute> <attribute name="SecurityProxyFactoryClassName"> org.jboss.security.SubjectSecurityProxyFactory </attribute> <attribute name="AuthenticationCacheJndiName"> srp/SRPAuthenticationCache </attribute> </mbean>
Mine does set a cache policy. Here is my version of the above
from jboss-service.xml<mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="jboss.security:service=JaasSecurityManager"> <attribute name="SecurityManagerClassName"> org.jboss.security.plugins.JaasSecurityManager </attribute> </mbean>
After looking at the code for org.jboss.security.plugins.JaasSecurityManagerService, it seems to default to a timed cache.public class JaasSecurityManagerService extends ServiceMBeanSupport implements JaasSecurityManagerServiceMBean { ... private static final String DEFAULT_CACHE_POLICY_PATH = "java:/timedCacheFactory"; ...
How do I setup the timed cache? Can I just set this parameter to nothing? Will that override the timed cache?
I'll try. -
3. Re: JBoss SX seems to cache user/roles
rickarcmind Feb 24, 2004 8:45 PM (in response to rickarcmind)private static CachePolicy lookupCachePolicy(String securityDomain) { CachePolicy authCache = null; String domainCachePath = cacheJndiName + '/' + securityDomain; try { InitialContext iniCtx = new InitialContext(); authCache = (CachePolicy) iniCtx.lookup(domainCachePath); } catch(Exception e) { // Failed, treat the cacheJndiName name as a global CachePolicy binding try { InitialContext iniCtx = new InitialContext(); authCache = (CachePolicy) iniCtx.lookup(cacheJndiName); } catch(Exception e2) { log.warn("Failed to locate auth CachePolicy at: "+cacheJndiName + " for securityDomain="+securityDomain); } } return authCache; }
It looks like the lookup just returns a null if it cannot find a cache... Worth a shot
Setting cache policy blank<attribute name="AuthenticationCacheJndiName"> </attribute>
-
4. Re: JBoss SX seems to cache user/roles
rickarcmind Feb 24, 2004 8:52 PM (in response to rickarcmind)Setting the cache policy to nothing did not work! :(
Oh well19:29:20,296 ERROR [Engine] CoyoteAdapter An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:318) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.hasRole(JBossSecurityMgrRealm.java:339) at org.apache.catalina.authenticator.AuthenticatorBase.accessControl(AuthenticatorBase.java:632) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
Help! ;) -
5. Re: JBoss SX seems to cache user/roles
wdrai Feb 25, 2004 7:22 AM (in response to rickarcmind)You should keep the caching on. If you don't, the LoginModule will be called on every request (and it seems that the JaasSecurityManager won't work without cache).
If you want to update the password/roles of users, you have to flush the cache through JMX by calling "jboss.security:service=JaasSecurityManager".flushAuthenticationCache(securityDomain, principal). There are lots of posts in the forums explaining how to do that. -
6. Re: JBoss SX seems to cache user/roles
rickarcmind Feb 25, 2004 9:49 AM (in response to rickarcmind)Thanks.
-
7. Re: JBoss SX seems to cache user/roles
rickarcmind Feb 25, 2004 10:06 AM (in response to rickarcmind)I did some serching around....
I came up with a code snippetObject[] params = new Object[]{jaasDomainName, simplePrincipal}; String[] signature = new String[]{ "java.lang.String ", "java.security.Principal "}; mbeanServer.invoke(jaasObjectName, "flushAuthenticationCache ", params, signature);
Code from http://www.junlu.com/msg/36344.html
I'll need to do some more research. I have not worked with JMX much. But thanks for the trail.
I also found this: (JBossTestServices)/** Flush all authentication credentials for the java:/jaas/other security 295 domain 296 */ 297 3 void flushAuthCache() throws Exception 298 { 299 3 ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager"); 300 3 Object[] params = {"other"}; 301 3 String[] signature = {"java.lang.String"}; 302 3 invoke(jaasMgr, "flushAuthenticationCache", params, signature); 303 }
The above can be found at:
http://www.thecortex.net/clover/eg/jboss/report/org/jboss/test/JBossTestServices.html
It is sure nice having the entire code base online so it can be googled! -
8. Re: JBoss SX seems to cache user/roles
rickarcmind Feb 25, 2004 11:33 AM (in response to rickarcmind)Well I tried...
I can't seem to init the server....protected void init() throws Exception { if (initialContext == null) { initialContext = new InitialContext(); } if (server == null) { String serverName = System.getProperty("testAdvantage.jboss.server.name"); //not set, this prop is null if (serverName == null) { serverName = InetAddress.getLocalHost().getHostName(); //the host name is RicksMachine } server = (Remote) initialContext.lookup("jmx:" + serverName + ":rmi"); } }
Here is the exception I get.....10:07:15,312 ERROR [STDERR] javax.naming.NameNotFoundException: jmx:RicksMachine:rmi not bound 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:495) 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:503) 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getObject(NamingServer.java:509) 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.lookup(NamingServer.java:282) 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:528) 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507) 10:07:15,312 ERROR [STDERR] at javax.naming.InitialContext.lookup(InitialContext.java:347) 10:07:15,312 ERROR [STDERR] at org.appfuse.webapp.service.UserManagerJBossSpecific.init(UserManagerJBossSpecific.java:102)