-
1. Re: Security context null when logging out from Jboss
kj_newbie Mar 31, 2009 7:33 PM (in response to kj_newbie)
I think we kind of fixed it. Got the clue from the security FAQ # 3 (http://www.jboss.org/community/docs/DOC-12198)
Our code creates its own login-config.xml and that one was missing the following from the ClientLoginModule
<!-- Any existing security context will be restored on logout -->
<module-option name="restore-login-identity">true</module-option>
After adding this to the file, the exception is not thrown anymore.
Can anyone explain what exactly this option does or where can I find more info on it.
I will also be reading a little more on JBoss 5.0.0 security.
Something that's interesting is that the custom login-config.xml file created by our tool, works fine wirh JBoss 4.2.3 (without adding the above lines). Only throws exception with JBoss 5.0.0.
Thanks -
2. Re: Security context null when logging out from Jboss
anil.saldhana Apr 6, 2009 2:58 AM (in response to kj_newbie)The idea is that when you log out, you need to restore the identity of the user that was on the thread path before the ClientLM got involved.
Something like:
userA----now_I_invoke_ejb_with_userB --- ejb_op ----- userB_logout
Now ClientLM with the option will be set the thread to have userA as the identity.