-
1. Re: SRP: Multiple clients
There are more information that might be important to find out what is the problem.
On the server side i have the following configuration:
<application-policy name = "CustomFwRealm">
<login-module code= "org.jboss.security.srp.jaas.SRPCacheLoginModule"
flag = "required">
<module-option name = "cacheJndiName">srp-fw/AuthenticationCache
</module-option>
</login-module>
<login-module code = "com.security.jaas.FwServerLoginModule"
flag = "required">
<module-option name = "password-stacking">useFirstPass</module-option>
</login-module>
</application-policy>
The FwServerLoginModule is a login module that creates a principal and gets the user roles.
The strange part is that after the the Client application 2 did the login and the Client application 1 calls the method, the login method of this module is called again.
Althought the login returns true i've got the exception
2004-12-07 12:23:15,690 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=nmeira
and commit is never called... -
-
-
4. 3856857
There was a problem in 3.2.5 with the user being set correctly. This was fixed in 3.2.6. From the 3.2.6RC1 release notes:
Store the SRPPrincipal under the javax.security.auth.login.name key in the sharedState map rather than the username as this is the principal that needs to be associated with any security context. This is needed for multi-session SRP usage. -
-
6. Re: SRP: Multiple clients
I'll try to decribe in detail the steps involved:
Client aplication 1 - login as user nmeira
Login Ok
Client aplication 1 - lookup ebj and invokes method 1
method called
Client aplication 1 - lookup ebj and invokes method 1
method called
Client aplication 2 - login as user nmeira
Login Ok
Client aplication 1 - lookup ebj and invokes method 1
Failled
Exception
[org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=nmeira
Client aplication 2 - lookup ebj and invokes method 1
method called -
7. Re: SRP: Multiple clients
First Login
12-07 12:02:59,127 TRACE [org.jboss.security.srp.SRPService] Cached SRP session for user={username=nmeira, sessionID=0}
2004-12-07 12:02:59,127 TRACE [org.jboss.security.srp.SRPRemoteServer] verify, completed {username=nmeira, sessionID=0}
Second
2004-12-07 12:23:12,190 TRACE [org.jboss.security.srp.SRPService] Cached SRP session for user={username=nmeira, sessionID=1}
2004-12-07 12:23:12,190 TRACE [org.jboss.security.srp.SRPRemoteServer] verify, completed {username=nmeira, sessionID=1}
After the Exception if i do logout of the first:
12:37:02,767 WARN [SRPService] No SRP session found for user={username=nmeira, sessionID=0} -
8. Re: SRP: Multiple clients
There are more information that might be important to find out what is the problem.
On the server side i have the following configuration:
<application-policy name = "CustomFwRealm">
<login-module code= "org.jboss.security.srp.jaas.SRPCacheLoginModule"
flag = "required">
<module-option name = "cacheJndiName">srp-fw/AuthenticationCache
</module-option>
</login-module>
<login-module code = "com.security.jaas.FwServerLoginModule"
flag = "required">
<module-option name = "password-stacking">useFirstPass</module-option>
</login-module>
</application-policy>
The FwServerLoginModule is a login module that creates a principal and gets the user roles.
The strange part is that after the the Client application 2 did the login and the Client application 1 calls the method, the login method of this module is called again.
Althought the login returns true i've got the exception
2004-12-07 12:23:15,690 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=nmeira
and commit is never called... -
9. Re: SRP: Multiple clients
Then you'll either need to create a bug report with a complete example that demonstrates the problem or get into the debugger and see why the authentication fails.
-