Flushing the credential cache ==> InstanceNotFoundException
benoitx Jan 28, 2008 10:15 AM
Hi
We're using the DatabaseServerLoginModule but for all intent, when my user decides to change its password, I would like to flush the cache.
We're using JBoss-4.0.5-GA
I'm trying to follow the code on: http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
Unfortunately, I know very little about MBeans and I seem to get an InstanceNotFoundException every time on this call:
MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
Why? The full code is as follows:
private void flushCache(String loginId) {
    String domain = "jmx-console";
    Principal user = new SimplePrincipal(loginId);
    ObjectName jaasMgr;
    try {
        jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
        Object[] params = { domain, user };
        String[] signature = { "java.lang.String", Principal.class.getName() };
        MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
        server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);
    } catch (MalformedObjectNameException e) {
        log.error("Cannot flush", e);
    } catch (NullPointerException e) {
        log.error("Cannot flush", e);
    } catch (InstanceNotFoundException e) {
        log.error("Cannot flush", e);
    } catch (MBeanException e) {
        log.error("Cannot flush", e);
    } catch (ReflectionException e) {
        log.error("Cannot flush", e);
    }
}
My login-config.xml is
<application-policy name="atrium-security">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="unauthenticatedIdentity">misterx</module-option>
            <module-option name="dsJndiName">java:/AtriumDS</module-option>
            <module-option name="principalsQuery">
                select PASSWORDMD5 from safemarginuser where LOGINID=? and STATE='ACT' and FAILEDLOGIN &lt; 10
            </module-option>
            <module-option name="rolesQuery">
                select ROLE, 'Roles' from loginrole A, safemarginuser B where B.ID=A.USER_ID and A.CLIENT_ID=B.CLIENT_ID and B.LOGINID=?
            </module-option>
            <module-option name="hashAlgorithm">MD5</module-option>
            <module-option name="hashEncoding">base64</module-option>
        </login-module>
    </authentication>
</application-policy>
My jboss-service.xml (in server/default/conf) is, as far as I can tell, the original one:
<!-- JAAS security manager and realm mapping -->
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
       name="jboss.security:service=JaasSecurityManager">
    <!-- A flag which indicates whether the SecurityAssociation server mode
         is set on service creation. This is true by default since the
         SecurityAssociation should be thread local for multi-threaded server
         operation. -->
    <attribute name="ServerMode">true</attribute>
    <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
    <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
    <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
         in seconds. If you want to disable caching of security credentials,
         set this to 0 to force authentication to occur every time. This has
         no affect if the AuthenticationCacheJndiName has been changed from
         the default value. -->
    <attribute name="DefaultCacheTimeout">1800</attribute>
    <!-- DefaultCacheResolution: Specifies the default timed cache policy
         resolution in seconds. This controls the interval at which the cache
         current timestamp is updated and should be less than the
         DefaultCacheTimeout in order for the timeout to be meaningful. This
         has no affect if the AuthenticationCacheJndiName has been changed
         from the default value. -->
    <attribute name="DefaultCacheResolution">60</attribute>
</mbean>
The caller of flushCache is a POJO but running from a Stateless Session Bean. Is there a classloader issue?
I am obviously doing something wrong, any pointer/solution/suggestion would be very welcome!
Thanks!
Benoit
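
Added example (not part of the original post): `MBeanServerFactory.findMBeanServer(null)` returns every MBeanServer in the JVM, so index 0 is not guaranteed to be the one holding `jboss.security:service=JaasSecurityManager`. The sketch below assumes the JVM hosts more than one MBeanServer and picks the server by checking where the ObjectName is registered; `FlushCacheLookup`, `FakeJaas` and the sample principal are hypothetical stand-ins so that it runs outside JBoss.

```java
import java.lang.management.ManagementFactory;
import java.security.Principal;
import javax.management.*;

public class FlushCacheLookup {
    // Hypothetical stand-in for JaasSecurityManagerService so the example runs outside JBoss.
    public interface FakeJaasMBean {
        void flushAuthenticationCache(String domain, Principal user);
    }
    public static class FakeJaas implements FakeJaasMBean {
        public void flushAuthenticationCache(String domain, Principal user) {
            System.out.println("flushed " + user.getName() + " in " + domain);
        }
    }

    // Return the MBeanServer that actually holds 'name' instead of assuming index 0.
    static MBeanServer locate(ObjectName name) throws InstanceNotFoundException {
        for (MBeanServer s : MBeanServerFactory.findMBeanServer(null)) {
            if (s.isRegistered(name)) {
                return s;
            }
        }
        throw new InstanceNotFoundException(name + " is not registered in any MBeanServer");
    }

    public static void main(String[] args) throws Exception {
        ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
        // Constructed setup: the platform MBeanServer is created first, then a second
        // server (playing the role of the JBoss one) where the MBean is registered.
        ManagementFactory.getPlatformMBeanServer();
        MBeanServer second = MBeanServerFactory.createMBeanServer("jboss");
        second.registerMBean(new FakeJaas(), jaasMgr);

        Principal user = () -> "someLoginId";            // constructed sample principal
        Object[] params = { "atrium-security", user };   // policy name from login-config.xml
        String[] signature = { "java.lang.String", Principal.class.getName() };

        try {   // same lookup as in the post: first server in the list
            MBeanServerFactory.findMBeanServer(null).get(0)
                    .invoke(jaasMgr, "flushAuthenticationCache", params, signature);
        } catch (InstanceNotFoundException e) {
            System.out.println("index 0 lookup failed: " + e.getMessage());
        }
        locate(jaasMgr).invoke(jaasMgr, "flushAuthenticationCache", params, signature);
    }
}
```

Inside a JBoss 4.x server, `org.jboss.mx.util.MBeanServerLocator.locateJBoss()` returns the server's own MBeanServer directly. Until the flush succeeds, a cached credential stays valid for up to the `DefaultCacheTimeout` shown above (1800 seconds) after a password change.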