4 Replies Latest reply on Apr 7, 2011 4:54 AM by tommyshum83

    Relogin after 30 minutes

    typsy

      Hi,

      I am using JBoss 4.0.5 GA.

      Class [Custom]JaasSecurityManager has a function called isValid which contains this part of code:

      public boolean isValid(Principal principal, Object credential,
            Subject activeSubject) {
         [...]
         boolean isValid = false;
         if (cacheInfo != null) {
            isValid = validateCache(cacheInfo, credential, activeSubject);

            if (cacheInfo != null) // Q1
               cacheInfo.release();
         }

         if (isValid == false)
            isValid = authenticate(principal, credential, activeSubject);

         [...]


      The first question is: on the line marked //Q1, has something changed in the meantime (e.g. cacheInfo), so that a new check for cacheInfo is needed?
      ------
      In my application I always get a relogin every 30 minutes.
      I am already authenticated when it relogins every 30 minutes.
      JBoss is left to do its job of destroying everything it needs to when the timeout occurs.

      I called a dumpStack to see who's calling the logout every 30 minutes and I got this:

      16:37:08,204 INFO [STDOUT] **************AMJBossLoginModule --- logout
      java.lang.Thread.dumpStack(Thread.java:1158)
      [packageName].AmJBossLoginModule.logout(AmJBossLoginModule.java:151)
      sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      java.lang.reflect.Method.invoke(Method.java:585)
      javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      java.security.AccessController.doPrivileged(Native Method)
      [packageName].LoginContext.invokePriv(LoginContext.java:680)
      [packageName].LoginContext.logout(LoginContext.java:629)
      [packageName]CustomJaasSecurityManager$DomainInfo.logout(CustomJaasSecurityManager.java:143)
      [packageName].CustomJaasSecurityManager$DomainInfo.destroy(CustomJaasSecurityManager.java:176)
      org.jboss.util.TimedCachePolicy.get(TimedCachePolicy.java:183)
      [packageName].CustomJaasSecurityManager.getCacheInfo(CustomJaasSecurityManager.java:749)
      [packageName].CustomJaasSecurityManager.isValid(CustomJaasSecurityManager.java:370)
      org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
      [...]
      16:37:08,392 INFO [STDOUT] **************AMJBossLoginModule --- login


      So isValid() calls logout. Then
      isValid = validateCache(cacheInfo, credential, activeSubject);
      does not set isValid to true [because otherwise it wouldn't have called authenticate(principal, credential, activeSubject) again].
      It validates the cache, cacheInfo is released, and then it authenticates again although I was already authenticated 30 minutes ago and I've been performing operations in the application in the meantime.

      I was thinking it's just the cache mechanism and there is nothing to be done..

      The 2nd question is: Can something be done to get rid of the relogin every 30 minutes?


      Please advise, thank you.

        • 1. Re: Relogin after 30 minutes
          mircea.markus

          This is not related to JBossCache

          • 2. Re: Relogin after 30 minutes
            typsy

             

            "mircea.markus" wrote:
            This is not related to JBossCache


            Okay, I see, it's not related to JBoss Cache, but it's related to the authenticated users cache.

            • 3. Re: Relogin after 30 minutes
              typsy

              The solution might be, instead of having a simple "return false;" for JaasSecurityManager.refresh(), to replace it with this:

              public boolean refresh() {
                 // where lifetime usually = DefaultCacheTimeout value from jboss-service.xml
                 expirationTime = System.currentTimeMillis() + (1000 * lifetime);
                 return true;
              }

              Hope this helps. It worked in my case.
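
The eviction path in the stack trace and the effect of changing refresh(), as an added example (not JBoss code and not written by any poster in this thread; TimedAuthCacheDemo, Entry, sliding and maxAge are hypothetical names). It counts full authentications over a constructed eight-hour workload when refresh() returns false, when it refreshes unconditionally, and when the refresh stops at an absolute limit so credentials are still re-checked periodically.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: simplified model of a timed authentication cache, not JBoss source.
public class TimedAuthCacheDemo {
    static final long MIN = 60_000L;
    static class Entry { // hypothetical stand-in for a cached authentication entry
        long expirationTime;
        final long hardLimit; // absolute deadline in ms, 0 = none
        Entry(long now, long lifetime, long maxAge) {
            expirationTime = now + lifetime;
            hardLimit = maxAge > 0 ? now + maxAge : 0;
        }
    }

    final Map<String, Entry> entries = new HashMap<>();
    final long lifetime, maxAge;
    final boolean sliding;
    int logins = 0; // full authentications against the login module
    TimedAuthCacheDemo(long lifetime, boolean sliding, long maxAge) {
        this.lifetime = lifetime; this.sliding = sliding; this.maxAge = maxAge;
    }
    // sliding=false models "return false"; sliding=true extends up to the hard limit.
    boolean refresh(Entry e, long now) {
        if (!sliding || (e.hardLimit > 0 && now >= e.hardLimit)) return false;
        e.expirationTime = now + lifetime;
        return true;
    }

    // Same order as the stack trace: cache get -> refresh -> destroy -> login.
    void request(String user, long now) {
        Entry e = entries.get(user);
        if (e != null && (now < e.expirationTime || refresh(e, now))) return;
        logins++; // no usable entry (missing, or destroyed on expiry): authenticate again
        entries.put(user, new Entry(now, lifetime, maxAge));
    }

    // Constructed workload: one request every 10 minutes for 8 hours, 30-minute lifetime.
    static int simulate(boolean sliding, long maxAge) {
        TimedAuthCacheDemo c = new TimedAuthCacheDemo(30 * MIN, sliding, maxAge);
        for (long t = 0; t <= 480 * MIN; t += 10 * MIN) c.request("user", t);
        return c.logins;
    }

    public static void main(String[] args) {
        System.out.printf("return false: %d, unconditional: %d, 4 h cap: %d logins%n",
            simulate(false, 0), simulate(true, 0), simulate(true, 240 * MIN));
    }
}
```

In this model an unconditional refresh means an entry that keeps being requested is never authenticated again, so a changed password or a disabled account goes unnoticed until the entry is removed from the cache.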

              • 4. Re: Relogin after 30 minutes
                tommyshum83

                Hi,

                 

                I'm having an issue extending the expiration time. Where is this function (refresh()) located? Can we change JBoss code?

                 

                I found a source on the internet that says to set DefaultCacheTimeout=-1, but it doesn't seem to be working. Does JBoss really support such a setting?

                 

                http://sourceforge.net/project/shownotes.php?release_id=337759

                JBAS-2226, The JaasSecurityManagerService DefaultCacheTimeout attribute as applied to the default JaasSecurityManager timed cache policy entries has a bug which limits the effective maximum timeout to Integer.MAX_VALUE/1000 due to a seconds to milliseconds conversion. Since values in the MAX_VALUE range are typically an attempt to never expire an entry, support for indicating this has been added by interpreting a DefaultCacheTimeout value of -1 to mean no expiration. Previously any negative value was the same as 0, and indicated that no caching would occur. Impact: If you are using a value of -1 to indicate that caching should be disabled, you need to change your configuration value to 0.