-
1. Re: How to add or remove roles for a given user?
emuckenhuber Jul 12, 2011 4:54 AM (in response to juergen.zimmermann)
There should be an equivalent operation available through the CLI. Maybe you can see if executing a command like: '/subsystem=security/security-domain=other:flush-cache' does the trick.
-
2. Re: How to add or remove roles for a given user?
juergen.zimmermann Jul 12, 2011 5:53 AM (in response to emuckenhuber)
Thank you for the hint, Emanuel. Can I invoke the CLI programmatically, e.g. inside a session bean?
-
3. Re: How to add or remove roles for a given user?
jaikiran Jul 12, 2011 5:57 AM (in response to juergen.zimmermann)
Juergen Zimmermann wrote:
Can I invoke the CLI programmatically, e.g. inside a session bean?
Please don't call the CLI from the session bean.
I'll see what the CLI operation ends up calling and if that's exposed as a public API to end users.
-
4. Re: How to add or remove roles for a given user?
jaikiran Jul 12, 2011 7:04 AM (in response to jaikiran)
What you'll require is the Management client API and invoke on that API. For that you'll need to know the API jars and other details of how to use it. The high level overview is here https://docs.jboss.org/author/display/AS7/Management+Clients. I'll let someone with more knowledge of the APIs let you know how to get started with invoking on them.
-
5. Re: How to add or remove roles for a given user?
emuckenhuber Jul 12, 2011 7:18 AM (in response to jaikiran)
jaikiran pai wrote:
What you'll require is the Management client API and invoke on that API. For that you'll need to know the API jars and other details of how to use it. The high level overview is here https://docs.jboss.org/author/display/AS7/Management+Clients. I'll let someone with more knowledge of the APIs let you know how to get started with invoking on them.
Yes, that's what I basically wanted to say is to execute a management operation. The CLI is just one way and I agree most likely not the best choice when used in a session bean.
You maybe want to look into using the native client: https://github.com/jbossas/jboss-as/blob/master/controller-client/src/main/java/org/jboss/as/controller/client/ModelControllerClient.java - to execute the operation mentioned above. Where you would have to connect to the native management socket.
-
6. Re: How to add or remove roles for a given user?
emuckenhuber Jul 12, 2011 7:29 AM (in response to emuckenhuber)
I hope there is no typo - but in a nutshell it should work like:
    // Connect to the native management socket
    final ModelControllerClient client = ModelControllerClient.Factory.create("localhost", 9999);
    try {
        // Address of the resource: /subsystem=security/security-domain=other
        final ModelNode address = new ModelNode();
        address.add("subsystem", "security");
        address.add("security-domain", "other");
        // Detyped operation request
        final ModelNode operation = new ModelNode();
        operation.get("operation").set("flush-cache");
        operation.get("address").set(address);
        final ModelNode result = client.execute(operation);
        if (!"success".equals(result.get("outcome").asString())) {
            throw new IllegalStateException("operation failed");
        }
    } finally {
        if (client != null) {
            client.close();
        }
    }
You'll most likely need the 'org.jboss.as:jboss-as-controller-client' maven artifact and add the 'org.jboss.as.controller-client' module dependency. I guess we can also look into the option to provide an in-JVM client.
-
7. Re: How to add or remove roles for a given user?
juergen.zimmermann Jul 12, 2011 10:32 AM (in response to emuckenhuber)
Emanuel, I added "Dependencies: org.jboss.as.controller-client,org.jboss.dmr" to Manifest.mf to make it work. Thank you very much. It would be nice if these two dependencies could be provided out of the box.
https://issues.jboss.org/browse/AS7-763 mentions that the operation "flush-cache" could take an argument to flush not the whole cache, but only the part of the given principal (resp. username). Can you advise me how to add a string argument to the "flush-cache" operation, please?
-
8. Re: How to add or remove roles for a given user?
emuckenhuber Jul 12, 2011 10:44 AM (in response to juergen.zimmermann)
Juergen Zimmermann wrote:
Emanuel, I added "Dependencies: org.jboss.as.controller-client,org.jboss.dmr" to Manifest.mf to make it work. Thank you very much. It would be nice if these two dependencies could be provided out of the box.
Hmm, yeah that could make sense.
Juergen Zimmermann wrote:
https://issues.jboss.org/browse/AS7-763 mentions that the operation "flush-cache" could take an argument to flush not the whole cache, but only the part of the given principal (resp. username). Can you advise me how to add a string argument to the "flush-cache" operation, please?
Simply add: operation.get("principal").set(username); to the example above. This just adds a simple parameter - in case you are interested there is some additional information for the detyped operation requests here: http://community.jboss.org/wiki/FormatOfADetypedOperationRequest
-
9. Re: How to add or remove roles for a given user?
frolovmx Oct 22, 2012 7:41 AM (in response to emuckenhuber)
I have managed to flush the authentication cache using javax.management API:
    private void flushAuthenticationCache(final String userid) {
        final String domain = "my-security-domain";
        try {
            ObjectName jaasMgr = new ObjectName("jboss.as:subsystem=security,security-domain=" + domain);
            Object[] params = {userid};
            String[] signature = {"java.lang.String"};
            MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
            server.invoke(jaasMgr, "flushCache", params, signature);
        } catch (Throwable e) {
            Throwables.propagate(e);
        }
    }
If I think about portability, I would prefer javax.management API over org.jboss.dmr.
-
10. Re: How to add or remove roles for a given user?
mbuamuh Apr 12, 2013 9:24 AM (in response to frolovmx)
Maxim, I used the javax.management API as you specified but I am getting the following exception. Is there anything more I need to do to avoid that exception? Like some configurations to my standalone.xml file?
Caused by: java.util.NoSuchElementException: No child 'request-properties' exists
    at org.jboss.dmr.ModelValue.requireChild(ModelValue.java:362)
    at org.jboss.dmr.ObjectModelValue.requireChild(ObjectModelValue.java:298)
    at org.jboss.dmr.ModelNode.require(ModelNode.java:812)
    at org.jboss.as.jmx.model.ModelControllerMBeanHelper.invoke(ModelControllerMBeanHelper.java:355)
    at org.jboss.as.jmx.model.ModelControllerMBeanHelper.invoke(ModelControllerMBeanHelper.java:342)
    at org.jboss.as.jmx.model.ModelControllerMBeanServerPlugin.invoke(ModelControllerMBeanServerPlugin.java:108)
    at org.jboss.as.jmx.PluggableMBeanServerImpl.invoke(PluggableMBeanServerImpl.java:246)
    at com.ec.eccore.util.JmxHelper.flushAuthenticationCacheJBoss7(JmxHelper.java:216) [com.ec.eccore-ejb-0.0.1-SNAPSHOT.jar:]
-
11. Re: How to add or remove roles for a given user?
mbuamuh Apr 26, 2013 9:36 AM (in response to emuckenhuber)
Hi Emanuel,
Do you know how a similar method for getAuthenticationCachePrincipals will be written in jboss 7? If similar to the flushAuthenticationCache, what operation will be used in this case? Thank you.
MBeanServer server = ...;
String jaasMgrName = "jboss.security:service=JaasSecurityManager";
ObjectName jaasMgr = new ObjectName(jaasMgrName);
Object[] params = {domainName};
String[] signature = {"java.lang.String"};
List users = (List) server.invoke(jaasMgr, "getAuthenticationCachePrincipals",
params, signature);
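
Added example, not part of the thread and not JBoss project code: evicting one principal from a security domain's authentication cache after a role change, using the detyped `flush-cache` operation and `principal` parameter discussed above, and reporting whether the user was cached so the eviction can be audited. The `list-cached-principals` operation name is an assumption about later AS 7 / EAP 6 releases (confirm with `:read-operation-names` on the security-domain resource); the class name, domain `other` and user `jdoe` are hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.dmr.ModelNode;

public class AuthCacheAdmin {   // hypothetical class name
    // Detyped request addressed at /subsystem=security/security-domain=<domain>
    static ModelNode op(String name, String domain) {
        ModelNode operation = new ModelNode();
        operation.get("operation").set(name);
        operation.get("address").add("subsystem", "security");
        operation.get("address").add("security-domain", domain);
        return operation;
    }

    // Execute and surface the server's failure-description instead of a bare error
    static ModelNode run(ModelControllerClient client, ModelNode operation) throws IOException {
        ModelNode response = client.execute(operation);
        if (!"success".equals(response.get("outcome").asString())) {
            throw new IllegalStateException(response.get("failure-description").asString());
        }
        return response.get("result");
    }

    // Assumption: "list-cached-principals" exists on this server version
    static List<String> cachedPrincipals(ModelControllerClient client, String domain) throws IOException {
        List<String> names = new ArrayList<String>();
        ModelNode result = run(client, op("list-cached-principals", domain));
        if (result.isDefined()) {
            for (ModelNode n : result.asList()) names.add(n.asString());
        }
        return names;
    }

    // Flush only this user's entry; returns true if the user had a cached entry.
    // A fresh entry may appear right after the flush if the user logs in again,
    // so the "before" state is what gets reported, not the "after" state.
    static boolean evict(ModelControllerClient client, String domain, String username) throws IOException {
        boolean wasCached = cachedPrincipals(client, domain).contains(username);
        ModelNode flush = op("flush-cache", domain);
        flush.get("principal").set(username);
        run(client, flush);
        return wasCached;
    }

    public static void main(String[] args) throws Exception {
        ModelControllerClient client = ModelControllerClient.Factory.create("localhost", 9999);
        try {
            System.out.println("jdoe had cached entry: " + evict(client, "other", "jdoe"));
        } finally {
            client.close();
        }
    }
}
```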