2. Re: Adding roles to user on the fly
kuzmiigo Jul 25, 2006 9:48 AM (in response to osganian)
Hello!
I understand that disabling or flushing the cache doesn't help. It helps when the user logs in again, but doesn't help to update the "Roles" group of the Subject on the fly (while the user is still logged in).
Nevertheless, is it possible to update user roles without the need for the user to log out?
Best regards,
Igor
3. Re: Adding roles to user on the fly
starksm64 Jul 28, 2006 9:34 AM (in response to osganian)
That is not correct. If you flush the cache, the existing authentication is revalidated, which means reloading the Subject and its roles.
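The caching behaviour described in the reply above, as a stand-alone Java model added here (not code from the thread or from JBoss). The class `AuthCacheModel`, its methods and the sample role store are hypothetical; the model assumes roles are loaded only when the login modules run.

```java
import java.util.*;
import java.util.function.Function;

// Model of a per-domain authentication cache. All names are hypothetical;
// this is not JBoss source code.
public class AuthCacheModel {
    // Stand-in for the login module stack: maps a username to its current roles.
    private final Function<String, Set<String>> loginModules;
    // Cached result of the last successful login, keyed by username.
    private final Map<String, Set<String>> cache = new HashMap<>();
    private int loginModuleCalls = 0;

    public AuthCacheModel(Function<String, Set<String>> loginModules) {
        this.loginModules = loginModules;
    }

    // Roles used for authorization. Login modules run only on a cache miss.
    public Set<String> rolesFor(String user) {
        return cache.computeIfAbsent(user, u -> {
            loginModuleCalls++;
            Set<String> loaded = loginModules.apply(u);
            // Unknown user: cache nothing and return null.
            return loaded == null ? null : new HashSet<>(loaded);
        });
    }

    // Counterpart of flushing one principal: drop the cached entry so the
    // next request has to run the login modules again.
    public void flush(String user) {
        cache.remove(user);
    }

    public int loginModuleCalls() {
        return loginModuleCalls;
    }

    public static void main(String[] args) {
        // Constructed role store standing in for the database behind the login modules.
        Map<String, Set<String>> store = new HashMap<>();
        store.put("igor", new HashSet<>(Arrays.asList("user")));
        AuthCacheModel domain = new AuthCacheModel(store::get);

        System.out.println("first login:  " + domain.rolesFor("igor"));
        store.get("igor").add("admin"); // role granted while the user is logged in
        System.out.println("before flush: " + domain.rolesFor("igor"));
        domain.flush("igor");
        System.out.println("after flush:  " + domain.rolesFor("igor"));
        System.out.println("login module runs: " + domain.loginModuleCalls());
    }
}
```

In this model a removed role behaves the same way as an added one: it stays effective until the entry is flushed.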
4. Re: Adding roles to user on the fly
kuzmiigo Jul 28, 2006 11:15 AM (in response to osganian)
Thank you for your reply.
Unfortunately, I cannot get it to work. I have the cache disabled, I flush the cache, but the roles still remain the same. From the log I see that the LoginModules (I use a custom LoginModule to populate the roles group) are not called.
Igor
5. Re: Adding roles to user on the fly
kuzmiigo Jul 29, 2006 3:22 PM (in response to osganian)
Some additional information.

jboss-web.xml:

    <jboss-web>
        <security-domain>java:/jaas/testdomain</security-domain>
    </jboss-web>

From login-config.xml:

    <application-policy name="testdomain">
        <authentication>
            <login-module code="com.test.security.SpecialLoginModule1" flag="required">
                <module-option name="password-stacking">useFirstPass</module-option>
                <module-option name="dsJndiName">java:/DefaultDS</module-option>
            </login-module>
            <login-module code="com.test.security.SpecialLoginModule2" flag="required">
                <module-option name="password-stacking">useFirstPass</module-option>
                <module-option name="dsJndiName">java:/DefaultDS</module-option>
            </login-module>
        </authentication>
    </application-policy>

Flushing code:

    import java.security.Principal;
    import javax.management.MBeanServer;
    import javax.management.MBeanServerFactory;
    import javax.management.ObjectName;
    import org.jboss.security.SimplePrincipal;

    // Flush the cached authentication of one principal in the "testdomain" security domain.
    String domain = "testdomain";
    Principal principal = new SimplePrincipal(user.getUsername());
    ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
    Object[] params = { domain, principal };
    String[] signature = { "java.lang.String", Principal.class.getName() };
    MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
    server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);

Credentials caching is disabled; after flushing (just in case), the Subject is not populated again (the LoginModules are not called again to populate the "Roles" group).
I would be grateful for your comments,
Igor
6. Re: Adding roles to user on the fly
starksm64 Jul 30, 2006 6:08 PM (in response to osganian)
Show the trace level logging of the org.jboss.security category that demonstrates what is happening. Q4 of the following shows the key categories:
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ
7. Re: Adding roles to user on the fly
kuzmiigo Jul 30, 2006 8:01 PM (in response to osganian)
Scott,
I sent you the security log by e-mail.
Thank you again,
Igor
8. Re: Adding roles to user on the fly
ziliop Oct 28, 2010 8:17 AM (in response to osganian)
This is an old thread, but it is the only one I found that matches my problem.
So, I need to add/remove roles to a subject on the fly, but I have multiple webapps in the same server. When I add a role to a subject in /contextA, I need it to be reflected in /contextB, /contextC and so on...
We are using JBoss 4.2.3-GA.
server.xml has:
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
and we have a Custom LoginModule
Thanks for your help.