-
1. Re: How to dynamically change security role without logging
starksm64 May 7, 2005 10:14 AM (in response to rickkw)There is no support for refreshing an existing login's associated roles without reauthenticating.
-
2. Re: How to dynamically change security role without logging
rickkw May 9, 2005 4:51 PM (in response to rickkw)Thanks for the quick response Scott. I am wondering if JBossGenericPrincipal can be made a public class. The security roles I have is stored in my callerPrincipal. I am experimenting subclassing JBossSecurityMgrRealm, and in the getCachedPrincpal method, return a subclass of JBossGenericPrincipal that overrides getRoles() and hasRole(). I am currently stuck at JBossGenericPrincipal being a package private class that I cannot subclass.
Thanks,
--
Rick -
3. Re: How to dynamically change security role without logging
rickkw May 9, 2005 8:22 PM (in response to rickkw)Scott,
One more note: I tested the approach of subclassing JBossSecurityMgrRealm as mentioned above. It works well. I have to recompile JBoss to make JBossGenericPrincipal a public class, along with making public a few of its methods. Would you please make this class public? I am using JBoss 4.0.1.
P.S. I would need
public class JBossGenericPrincipal
public JBossGenericPrincipal(...)
public Principal getAuthPrincipal()
public Principal getCallerPrincipal()
public Object getCredentials()
public Subject getSubject()
Thanks,
--
Rick -
4. Re: How to dynamically change security role without logging
starksm64 May 10, 2005 8:02 AM (in response to rickkw)I don't think I want to support that level of integration as its too tightly coupled to the implementation. There should be some type of refresh capability of the user roles. Create a feature request in jira with your changes and I'll see how this can be supported without requiring subclassing and access to the user representation.
http://jira.jboss.com/jira/browse/JBAS -
5. Re: How to dynamically change security role without logging
anil.saldhana Nov 7, 2007 2:43 PM (in response to rickkw)Look at the JIRA issue:
http://jira.jboss.com/jira/browse/JBAS-1802
The workaround is in:
http://anil-identity.blogspot.com/2007/11/tip-11-refresh-security-roles-within.html
For JBoss5 going forward, we may solve this in a better way than the proposed workaround. -
6. Re: How to dynamically change security role without logging
mcalello Mar 3, 2008 8:46 AM (in response to rickkw)We were able to finally workaround this issue without resorting to turning off all authentication caching in 4.2.2GA.
First I flush the authentication cache for the user who needs their roles refreshed.
http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
Then use the new WebAuthentication class that Anil added (see:
http://wiki.jboss.org/wiki/Wiki.jsp?page=WebAuthentication)
to logout the user and programmatically log them right back in.
Anil, do you see any drawbacks to this approach?
Hope this helps!
-Marc