-
1. Re: Authentification problems in Jboss 5
ragavgomatam Jul 16, 2008 10:13 PM (in response to tgueze)
Try setting the cache in login-config.xml to zero.
-
2. Re: Authentification problems in Jboss 5
tgueze Sep 19, 2008 8:47 AM (in response to tgueze)
Thanks for the response, ragavgomatam, but it didn't work.
I'm using the Jboss 5 RC2 version and I have the same trouble.
Same configuration: a login module performing the authentication on the client side, the ClientLoginModule on the server side.
I'm using EJB 3 stateless session beans.
So a user logs in and performs some operations on the beans, then logs out, and a different user logs in and performs some operations too. I have run these steps in debug mode, and the login is committed, so I assume my new user is logged in.
On the server side, when I retrieve the caller name in the beans, I get the old user name.
The first user is also the first caller of the beans.
I set the cache to 0 and set multi-threaded and restore-login-identity to true, but it had no effect.
Any idea?
Thanks in advance.
-
3. Re: Authentification problems in Jboss 5
jaikiran Sep 19, 2008 9:32 AM (in response to tgueze)
I may be way off target, but I think this has something to do with the ClientLoginModule. See if this wiki is of any help: http://wiki.jboss.org/wiki/ClientLoginModule
-
4. Re: Authentification problems in Jboss 5
tgueze Sep 19, 2008 10:49 AM (in response to tgueze)
I agree and I have read the wiki page.
I tried to set the different options but it didn't solve my problem.
I am certainly missing something in the configuration, but I can't figure out what...
-
5. Re: Authentification problems in Jboss 5
tgueze Sep 23, 2008 10:19 AM (in response to tgueze)
Does nobody have a clue?
The EJB Context should be refreshed between two calls, right?
The user admin is the first caller of my EJB (so creating the instances) and I get him as principal name even after logout and login of another user. Is there any configuration in Jboss concerning this point?
Thanks.
-
6. Re: Authentification problems in Jboss 5
hanselmo Sep 25, 2008 7:55 AM (in response to tgueze)
I have the same problems.
I'm testing my ejbs with junit and I try to access with ClientLoginModule (JAAS method) and also with JndiLoginInitialContextFactory in the lookup properties (JNDI method). The methods work well in jboss-4.2.3 but not in jboss-5.0.0.CR2.
1) JndiLoginInitialContextFactory doesn't work anymore.
2) ClientLoginModule works but I have your problem. I think it's a bug. Try to get the subject with the jboss API SecurityAssociation.getSubject(). It works but it's just a trick.
-
7. Re: Authentification problems in Jboss 5
tgueze Sep 25, 2008 9:38 AM (in response to tgueze)
I feel less alone :)
I don't know about the JndiLoginInitialContextFactory.
Thanks for the workaround, it works in my case but I cannot use it.
So, I have created a Jira issue: https://jira.jboss.org/jira/browse/JBAS-5995
-
8. Re: Authentification problems in Jboss 5
hanselmo Sep 25, 2008 12:31 PM (in response to tgueze)
Some news... my test works if I do the lookup of the ejb again after the second loginContext.login().
I think the workaround now for you is to make a new ejb lookup after every loginContext.login() (just for stateless ejb).
-
9. Re: Authentification problems in Jboss 5
tgueze Sep 25, 2008 1:08 PM (in response to tgueze)
I've just tried but it didn't work for me.
Strange issue...
-
10. Re: Authentification problems in Jboss 5
hanselmo Sep 25, 2008 7:52 PM (in response to tgueze)
Sorry... I tested better and I have the same problem...
-
11. Re: Authentification problems in Jboss 5
jaikiran Sep 27, 2008 6:50 AM (in response to tgueze)
I tested this on 4.2.3 and 5.0 CR2. Works on 4.2.3 but not on 5.0 CR2. I looked at the source code of JBoss-4.2.x and JBoss-5. Looks like this is a bug in JBoss-5 where the interceptor (Ejb3AuthenticationInterceptorv2) doesn't seem to be popping the subject.
If someone from the JBoss dev team confirms this, you might want to file a JIRA with a simple application demonstrating this issue.
-
12. Re: Authentification problems in Jboss 5
karltraunmueller Apr 8, 2009 1:54 AM (in response to tgueze)
Hi all,
We have also experienced these problems - the Principal associated with stateless session beans seemed to be randomly wrong.
I think the problem is in org.jboss.ejb3.EJBContextImpl.getCallerPrincipal:

    public Principal getCallerPrincipal()
    {
       if(beanPrincipal == null)
       {
          EJBContainer ec = (EJBContainer) container;
          SecurityDomain domain = ec.getAnnotation(SecurityDomain.class);
          Principal callerPrincipal = ejbContextHelper.getCallerPrincipal(
                SecurityActions.getSecurityContext(), rm, domain);

          // This method never returns null.
          if (callerPrincipal == null)
             throw new java.lang.IllegalStateException("No valid security context for the caller identity");

          beanPrincipal = callerPrincipal;
       }
       return beanPrincipal;
    }

The beanPrincipal associated with the SLSB is lazy initialized, but never reset thereafter.
So, once the SLSB goes back into the pool (after a first invocation), and is later reused for another invocation, the principal isn't correctly reassociated with the current principal - the principal from the first call is still there.
The problem is still present in JBoss 5.0.0.GA, JBAS-5995 is still open.
Can anyone comment on this?
regards,
Karl
-
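The lazy-cached principal described in the post above, reduced to a stand-alone simulation of a pooled bean context. This is an added example, not part of the original thread and not JBoss code: every class and method name is hypothetical, and clearing the cache on release is one possible correction, not necessarily the project's fix.

```java
import java.util.*;

// Added illustration; class and method names are hypothetical, not JBoss code.
public class PooledPrincipalDemo {
    // Stand-in for the per-thread security context populated at login.
    static final ThreadLocal<String> CALLER = new ThreadLocal<>();

    // Mirrors the quoted pattern: lazily initialised, never reset.
    static class BeanContext {
        protected String beanPrincipal;
        String getCallerPrincipal() {
            if (beanPrincipal == null) {
                String caller = CALLER.get();
                if (caller == null)
                    throw new IllegalStateException("No valid security context for the caller identity");
                beanPrincipal = caller;
            }
            return beanPrincipal;
        }
        void onRelease() { /* cached identity survives the return to the pool */ }
    }

    // One possible correction: drop the cached identity when the instance is released.
    static class ResettingBeanContext extends BeanContext {
        @Override void onRelease() { beanPrincipal = null; }
    }

    // Take the pooled context, invoke as `user`, then return it to the pool.
    static String invokeAs(Deque<BeanContext> pool, String user) {
        CALLER.set(user);
        BeanContext ctx = pool.pop();
        try {
            return ctx.getCallerPrincipal();
        } finally {
            ctx.onRelease();
            pool.push(ctx);
            CALLER.remove();
        }
    }

    public static void main(String[] args) {
        Deque<BeanContext> stale = new ArrayDeque<>(List.of(new BeanContext()));
        Deque<BeanContext> reset = new ArrayDeque<>(List.of(new ResettingBeanContext()));
        for (String user : new String[] {"admin", "alice"}) {
            System.out.printf("caller=%s cached=%s reset=%s%n",
                user, invokeAs(stale, user), invokeAs(reset, user));
        }
    }
}
```

With the caching context, the second invocation still reports the first caller, so any authorization or audit decision keyed on the caller principal is made for the wrong user; the resetting context reports the current caller.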
13. Re: Authentification problems in Jboss 5
karltraunmueller Apr 27, 2009 12:21 PM (in response to tgueze)
I have created a simple test scenario (that should demonstrate the issue) and attached it to the Jira.
Can anyone comment on this?
regards,
Karl