3 Replies Latest reply on Dec 17, 2004 11:54 AM by starksm64

    client JAAS logout from two different j2ee applications prob

    catalean

      Hi,

      I have two j2ee applications deployed inside a JBoss 3.2.3 instance; each of the applications has its own security domain, and I use the same client application to access them. For each of the two j2ee applications I've written a corresponding custom server login module; for the login part everything works fine: depending on which application the login is made to (using different LoginContext instances), the corresponding login module is invoked to perform authentication. But when I want to log out from only one app (again using different LoginContext instances), the other login module is invoked... which normally doesn't know about the user that wants to log out. Here is the error on the server side:

      2004-12-15 14:06:10,375 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=Administrator
      2004-12-15 14:06:10,375 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=Administrator
       at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:107)
       at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
       at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)
       at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:144)
       at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:62)
       at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:269)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
       at org.jboss.ejb.StatefulSessionContainer.internalInvoke(StatefulSessionContainer.java:416)
       at org.jboss.ejb.Container.invoke(Container.java:700)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:367)
       at sun.reflect.GeneratedMethodAccessor95.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
       at sun.rmi.transport.Transport$1.run(Transport.java:148)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
       at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
       at java.lang.Thread.run(Thread.java:534)


      My client auth.conf file:

      c-lims-client
      {
       ro.citrusmedia.lims.base.ui.moduleparts.security.CLCLientLoginModule required
       ;
      
       org.jboss.security.ClientLoginModule required
       ;
      };
      
      c-lims-web-client
      {
       org.jboss.security.ClientLoginModule required
       ;
      };


      When I want to log out from "c-lims-web-client", the "c-lims-client" login module is invoked to perform the action.

      Any ideas on what I'm doing wrong?

      Thanks

        • 1. Re: client JAAS logout from two different j2ee applications
          starksm64

          You'll have to show in more detail what you are doing. If you have an example, create a bug report with it here:
          http://jira.jboss.com/jira/browse/JBAS

          • 2. Re: client JAAS logout from two different j2ee applications
            catalean

            Here is what I'm doing (maybe, hopefully, I'm doing something wrong), in very short terms:
            - client login to one of the j2ee applications => ok (this is done when first executing "create" on a found EJB home)
            - execute an operation on the first j2ee app => ok
            - same client login to the second j2ee application => ok (this is done when first executing "create" on a found EJB home)
            - logout from the first j2ee app => tries to log out the user that I used to access the second app (there are different users that have access to each app; both apps are deployed on the same JBoss instance).

            It seems to me that the LoginContext instances are mixed up, because I've resolved the problem by logging in and logging out after each operation executed on the second app; this way everything works fine, but maybe it is not a solution to execute a login/logout every time access to the server is needed, or?

            Thanks, hope this clears things up more, but I can submit code if you need.

            • 3. Re: client JAAS logout from two different j2ee applications
              starksm64

              Every call has to establish its call context. If a single user thread is accessing apps with different security domains, then it has to login with the correct identity for each domain.
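
The call-context point from the last reply, as an added example that is not part of the thread and not JBoss code: it uses only the standard javax.security.auth API, first reproducing the interleaved login/logout sequence and then wrapping each call in its own login and logout. `PerCallLogin`, `DemoClientLoginModule`, `CALLER`, `callAs` and the user `webuser` are hypothetical; the stand-in module assumes a client login module that binds the caller identity to the current thread.

```java
import java.util.*;
import java.util.function.Supplier;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class PerCallLogin {
    // Hypothetical stand-in for the identity a client login module binds to the calling thread.
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();
    public static class DemoClientLoginModule implements LoginModule {
        private CallbackHandler handler; private String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user");
            try { handler.handle(new Callback[] { nc }); user = nc.getName(); return true; }
            catch (Exception e) { throw new LoginException(e.toString()); }
        }
        public boolean commit() { CALLER.set(user); return true; }  // replaces any identity already bound
        public boolean abort() { return true; }
        public boolean logout() { CALLER.remove(); return true; }   // clears whatever is bound right now
    }

    static LoginContext context(String entry, String user) throws LoginException {
        Configuration cfg = new Configuration() {   // same demo module for every entry name
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoClientLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler h = cbs -> { for (Callback c : cbs) if (c instanceof NameCallback) ((NameCallback) c).setName(user); };
        return new LoginContext(entry, new Subject(), h, cfg);
    }

    // Establish the call context for exactly one call, then tear it down even if the call fails.
    static <T> T callAs(String entry, String user, Supplier<T> call) throws LoginException {
        LoginContext lc = context(entry, user);
        lc.login();
        try { return call.get(); } finally { lc.logout(); }
    }
    public static void main(String[] args) throws LoginException {
        LoginContext a = context("c-lims-client", "Administrator");
        LoginContext b = context("c-lims-web-client", "webuser");
        a.login(); b.login();   // interleaved logins on one thread: the second replaces the first
        System.out.println("call to first app would run as: " + CALLER.get());
        a.logout();             // logging out of the first app clears the second app's identity
        System.out.println("identity left for second app: " + CALLER.get());
        System.out.println(callAs("c-lims-client", "Administrator", CALLER::get)
            + " / " + callAs("c-lims-web-client", "webuser", CALLER::get));
    }
}
```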