5 Replies Latest reply on Aug 9, 2007 1:43 PM by anil.saldhana

    Cluster Aware Cache Policy for the Jaas Security Manager

    anil.saldhana

      Some one mentioned about an issue with clustering and usage of Kerberos tickets. When a cluster node fails over to a new machine, a request coming in with a username and a kerberos ticket goes through the jaas framework and the GSS-API throws an error saying that the request is a replay attack.

      The idea is that once a Kerberos setup has been performed with a service using the GSS api, the security cache needs to be the point of contact for the username.

      Your thoughts/feedback?

        • 1. Re: Cluster Aware Cache Policy for the Jaas Security Manager
          starksm64

          This is a general problem when one form of credential is converted into another and you don't have the information to reauthenticate, or don't want to. SRP has the same issue as does DIGEST auth in a cluster.

          • 2. Re: Cluster Aware Cache Policy for the Jaas Security Manager
            anil.saldhana

            Stefan has taken charge of getting us a clustered cache policy. He will discuss it here soon.

            • 3. Re: Cluster Aware Cache Policy for the Jaas Security Manager
              sneusatz

              I've taken a look in the jboss-cache project and it seemed to me that it suits our need of a cluster aware security cache. Besides managing the consistency of cache state in all cluster nodes, it allows for a number of configurations, such as replication messages mode (sync/async) and eviction policies (LRU, MRU, FIFO, etc).

              Currently, the JaasSecurityManagerService instantiates a TimedCachePolicy by default. If we were to make the cache policy configurable, we would have to make some arrangements (like, for example, creating a new CachePolicy subclass to handle clustered environments and allowing the user to define which policy is to be used). On the other hand, maybe it would be possible to simply redefine the cache solution used by JaasSecurityManager to use solely the cluster-aware policy (since TreeCache can also be used in non-clustered environments).

              In any case, the time-out behaviour of the TimedCachePolicy could be achieved by registering eviction policies that would cause the nodes to be evicted after a configurable amout of time. A TreeCacheListener would then register for eviction events and cause the principal to be logged out upon reception of such an event.

              • 4. Re: Cluster Aware Cache Policy for the Jaas Security Manager
                anil.saldhana

                Stefan, u r on the right track. The cluster aware cache policy should not be the default. Only customers needing it will configure it.

                I will take a more detailed look at your description and get back to you.

                • 5. Re: Cluster Aware Cache Policy for the Jaas Security Manager
                  anil.saldhana

                  Scott has long time ago written a CachePolicy that we probably can reuse:

                  org.jboss.ha.framework.server.util.DistributedTimedCachePolicy


                  It is under the cluster module. I am not sure if the HA code in AS is still healthy (I am presuming it is).

                  In this case, it will only be a matter of providing an ObjectModelFactory to bind to DistributedTimedCachePolicy.

                  The default cache object factory is at the end of JaasSecurityManagerService class.