2 Replies Latest reply on Aug 9, 2010 8:51 AM by asterisk

LoginContext timeout after update from Jboss 4.2.3 to 5.1

asterisk Aug 2, 2010 8:55 AM

Hi,

I am working on an upgrade of our EJB2 application from Jboss 4.2.3 to Jboss 5.1.0. My problem is that the client application can log in and call bean methods, but after a few seconds it is not possible any more, because the user is not authenticated any more.

This is my login-config.xml (partially):

{code:xml}
<application-policy name = "myApp">
    <authentication>      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="sufficient">
        <module-option name="dsJndiName">java:/OracleDS</module-option>
        <module-option name="principalsQuery"><![CDATA[select pswd from user_t where username=? and LOGINFAILCOUNT < 3 and USERLOCKED<>'1']]></module-option>
        <module-option name="rolesQuery">select g.applrolename, 'Roles' from useringroup_t u, groupinapplrole_t g where u.groupname = g.groupname and u.username=?</module-option>
        <module-option name="unauthenticatedIdentity">unauthenticated</module-option>
    </login-module>
  </authentication>
</application-policy>{code}

And here is the code to call the bean method for the first time:

{code}
LoginContext lc = new LoginContext("other", mUsernamePasswordHandler);lc.login();
Hashtable<String, String> props = new Hashtable<String, String>();
props.put(Context.PROVIDER_URL, theProviderURL);
Context ctx = new InitialContext(props);
Ejb2TestHome ejb2beanHome = (Ejb2TestHome)ctx.lookup("Ejb2Test");
Ejb2Test ejb2bean = ejb2beanHome.create();
String answer = ejb2bean.test();{code}

Later I just use (in another class)

{code}
Ejb2TestHome ejb2beanHome = (Ejb2TestHome)ctx.lookup("Ejb2Test");Ejb2Test ejb2bean = ejb2beanHome.create();
String answer1 = ejb2bean.test();{code}

This worked with Jboss 4.2.3. But now I get a SecurityException, the principal "unauthenticated" is used in this case. It only works if I call lc.login() again right before instanciating the bean. Doing this is not a solution, of course, because I would have to change a lot of code.

Does anybody know what I have to change? Do I need to change the Jboss configuration? Or do I need to use another login method in my Swing client?

Thank you in advance!

1. Re: LoginContext timeout after update from Jboss 4.2.3 to 5.1

asterisk Aug 5, 2010 10:34 AM (in response to asterisk)
Hi,

ok, ich chose the latter solution and changed the login mthod to:
{code}
SecurityClient client = null;
try {
client = SecurityClientFactory.getSecurityClient();
} catch (Exception e1) {
mLogger.error("Could not instanciate SecurityClient", e1);
throw new LoginException();
}
client.setJAAS("other", mUsernamePasswordHandler);
client.setVmwideAssociation(true);
client.login();
{code}
The setVmwideAssociation(true) is important. Otherwise it does not work.

Unfortunately I now have trouble with one stateful EJB2 bean, which throws a RemoveException when I try to close it. It says it is still in transaction, but I wonder what transaction that should be. Same code worked with JBoss 4.2.3.

Kind regards

PS: How the hell do you post code snippets here? This strange forum software adds line breaks or not as it likes.
Actions
2. Re: LoginContext timeout after update from Jboss 4.2.3 to 5.1

asterisk Aug 9, 2010 8:51 AM (in response to asterisk)
Hi,

I also fixed the RemoveException now. According to this thread, you have to be careful if you want to call a stateful session bean from a stateless session bean. I added a
{code}@ejb.transaction type="NotSupported"{code}
to the Xdoclet header of my stateless bean and now it works fine. I don't need transaction at that point, anyway.

So as far as I can see, the only problem left is the failing authentification in one of my Mbeans. The login() method works fine, but when I want to instanciate another bean it fails.

Kind regards
Actions

Go to original post