This content has been marked as final.
Show 5 replies
-
1. Re: CachingLoginCredentials
milkygto Mar 31, 2005 3:06 PM (in response to milkygto)public Principal getPrincipal(String securityDomain, Principal principal);
Maybe I should just use this to get the principal and logout()? -
2. Re: CachingLoginCredentials
milkygto Mar 31, 2005 6:29 PM (in response to milkygto)Never mind, I found it
String domain = "jmx-console"; Principal user = new SimplePrincipal("javaduke"); ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager"); Object[] params = {domain, user}; String[] signature = {"java.lang.String", Principal.class}; MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
-
3. Re: CachingLoginCredentials
milkygto Mar 31, 2005 7:02 PM (in response to milkygto)This code work fine. I just wonder if flushing the user cache is equal to logging out? How can I log out the user?
private void logout(Principal user) { try { String domainName = "domain"; MBeanServer server = (MBeanServer) MBeanServerFactory .findMBeanServer(null).get(0); String jaasMgrName = "jboss.security:service=JaasSecurityManager"; ObjectName jaasMgr = new ObjectName(jaasMgrName); Object[] params = { domainName }; String[] signature = { "java.lang.String" }; List users = (List) server.invoke(jaasMgr, "getAuthenticationCachePrincipals", params, signature); for (int i = 0; i < users.size(); i++) { SimplePrincipal principal = (SimplePrincipal) users.get(i); log.info("user = " + principal); if (user.equals(principal)) { log.info("Logging out"); Object[] pParams = { domainName, user }; String[] pSignature = { "java.lang.String", "java.security.Principal"}; server.invoke(jaasMgr, "flushAuthenticationCache", pParams, pSignature); } } } catch (MalformedObjectNameException e) { log.error("Malformed Object", e); } catch (NullPointerException e) { log.error("Null Pointer", e); } catch (InstanceNotFoundException e) { log.error("Instance not found", e); } catch (MBeanException e) { log.error("MBean Exception", e); } catch (ReflectionException e) { log.error("Reflection Exception", e); } }
-
4. Re: CachingLoginCredentials
milkygto Mar 31, 2005 8:30 PM (in response to milkygto)I am so stupid...
HttpSession session = request.getSession();
session.invalidate();
it is all you need to log out the session. I thought i need to clear the cache or something. So how come even I clear the cache, I am still in the session? -
5. Re: CachingLoginCredentials
starksm64 Mar 31, 2005 9:22 PM (in response to milkygto)Sessions integrate with the jboss security layer, not the other way around since tomcat can run without jboss.