2 Replies Latest reply on Apr 6, 2009 2:58 AM by anil.saldhana

    Security context  null when logging out from Jboss

    kj_newbie

      I posted this in the installation/configuration forum and was advised to post it here.
      http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221706#4221706

      Have a sample application deployed in JBoss 5.0.0. GA. Everytime, the user logs out from this app., JBoss throws java.lang.IllegalStateException: Security Context is null.

      This does not happen with JBoss 4.2.3

      Full stack trace is also available at the link posted above.

      Thanks

        • 1. Re: Security context  null when logging out from Jboss
          kj_newbie


          I think we kind of fixed it. Got the clue from the security FAQ # 3 (http://www.jboss.org/community/docs/DOC-12198)

          Our code creates its own login-config.xml and that one was missing the following from the ClientLoginModule
          <!-- Any existing security context will be restored on logout -->
          <module-option name="restore-login-identity">true</module-option>

          After adding this to the file, the exception is not thrown anymore.

          Can anyone explain what exactly this option does or where can I find more info on it.
          I will also be reading a little more on JBoss 5.0.0 security.

          Something that's interesting is that the custom login-config.xml file created by our tool, works fine wirh JBoss 4.2.3 (without adding the above lines). Only throws exception with JBoss 5.0.0.

          Thanks

          • 2. Re: Security context  null when logging out from Jboss
            anil.saldhana

            The idea is that when you log out, you need to restore the identity of the user that was on the thread path before the ClientLM got involved.

            Something like:

            userA----now_I_invoke_ejb_with_userB --- ejb_op ----- userB_logout

            Now ClientLM with the option will be set the thread to have userA as the identity.