6 Replies Latest reply on Jun 30, 2004 7:30 AM by gorano

    Roles Update Problem

    rkarn Jun 8, 2004 5:44 AM

      Hi all,

      currently I have a problem with the apply of new Roles for a Principal.
      It seems my JBoss doesn't notice new applied Roles until it will be restarted.

      Scenario:

      1. The Principal 'root' has the role 'Admin' and therefore he can call a method 'abc' for which the role 'Admin' is defined.

      2. Principal 'doe' has the role 'User' only and therefore he can't call the method 'abc'.

      3. 'root' adds the Role 'Admin' for the Principal 'doe' to the Roles table by calling a session bean method.

      I assumed that the user 'doe' can call the method 'abc' now. But he can't until I restart the JBoss.


      Is there any information about that problem around?

      Thank you,
      Nod

      • 4132 Views
      • Tags:
        • 1. Re: Roles Update Problem
          gorano
          gorano Jun 9, 2004 3:28 PM (in response to rkarn)

          If you leave your application and have a coffe, you will be able to use the new role when you come back.

          There is a cache and a time to live setting you can play with. Default is 30 minutes.

          Make your changes in jboss-service.xml
          org.jboss.security.plugins.JaasSecurityManagerService

          /G


            • Actions
          • 2. Re: Roles Update Problem
            clcantrell
            clcantrell Jun 14, 2004 10:16 PM (in response to rkarn)

            I had the same problem. All you have to do is upon role update, Flush the JAASSecurityManger's cache. This will force the the principal to go through the login module again, populating all the new roles.

              • Actions
            • 3. Re: Roles Update Problem
              rkarn Jun 15, 2004 10:09 AM (in response to rkarn)

              Thank you for the hints. Flushing the JAASSecurityManger's cache does it.

                • Actions
              • 4. Re: Roles Update Problem
                auckyboy
                auckyboy Jun 29, 2004 9:04 PM (in response to rkarn)

                Hi Nod/clcantrell, gorano,

                Can you please elaborate on how to clear the cache and change the time to live.

                Tthx

                  • Actions
                • 5. Re: Roles Update Problem
                  gorano
                  gorano Jun 30, 2004 7:21 AM (in response to rkarn)

                  In jboss-service.xml you will find:

                  <!-- JAAS security manager and realm mapping -->
 <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
 name="jboss.security:service=JaasSecurityManager">
 <attribute name="SecurityManagerClassName">
 org.jboss.security.plugins.JaasSecurityManager
 </attribute>
 </mbean


                  Add parameters: 

                  <attribute name="DefaultCacheTimeout">TimeoutInSeconds</attribute>
<attribute name="DefaultCacheResolution">TimeoutInSeconds</attribute>


                  If not specified, JBoss use the following values:

                  DefaultCacheTimeout=1800
                  DefaultCacheResolution=60 (interval to check the cache)

                  /G







                    • Actions
                  • 6. Re: Roles Update Problem
                    gorano
                    gorano Jun 30, 2004 7:30 AM (in response to rkarn)

                    To be able to flush the entire cache, you can invoke the flushAuthenticationCache method.

                    /G

                      • Actions