9 Replies Latest reply on Oct 14, 2011 2:39 PM by mandelbr0t

    How to change property of already installed mbean via xml?

    atijms

      I would like to change a property of an mbean that is already installed in JBoss AS 5.1. I could do this programmatically, or I could change this in the JBoss configuration file that installs the bean in the first place.

       

      However, I would like to do this for a single application, not for the whole app server and if possible in an xml file. Is this possible?

       

      For example, I have a login-service.xml file in the root of an ear application, containing this:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <server>
          <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="foo:service=DynamicLoginConfig">
              <attribute name="AuthConfig">login-config.xml</attribute>
              <depends optional-attribute-name="LoginConfigService">
                  jboss.security:service=XMLLoginConfig
              </depends>
              <depends optional-attribute-name="SecurityManagerService">
                  jboss.security:service=JaasSecurityManager
              </depends>
          </mbean>
      </server>
      

       

      What I want to do is configure the already installed "jboss.security:service=JaasSecurityManager", by setting the DefaultCacheTime to 0.

       

      Of course the following doesn't work:

       

       

      <?xml version="1.0" encoding="UTF-8"?>
      <server>
      
          <mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="jboss.security:service=JaasSecurityManager">        
              <attribute name="DefaultCacheTimeout">0</attribute>
          </mbean>    
      
          <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="foo:service=DynamicLoginConfig">
              <attribute name="AuthConfig">login-config.xml</attribute>
              <depends optional-attribute-name="LoginConfigService">
                  jboss.security:service=XMLLoginConfig
              </depends>
              <depends optional-attribute-name="SecurityManagerService">
                  jboss.security:service=JaasSecurityManager
              </depends>
          </mbean>
      </server>
      

       

      In this case, it tries to install "jboss.security:service=JaasSecurityManager" again, but all I want is set a property on the already running instance.

       

      Is there a syntax available to do that?

        • 1. Re: How to change property of already installed mbean via xml?
          meme

          There are several points to mention:

           

          You cannot change the properties of an already instantiated mbean using xml like the way you would normally configure an mbean. When you'd like to change them you have to do it programmatically.

           

          Changes you'll do on mbeans properties are always appserver-wide. If you change for example "jboss.security:service=JaasSecurityManager" then this changes affect all your deployed applications.

           

          If you'd like to have this property set you should think about configuring your own SecurityManagerService and use that in your application. But be careful with that when accessing resources outside the ear these doesn't know your new SecurityManagerService.

           

          Hope that helps

           

          marc

          • 2. Re: How to change property of already installed mbean via xml?
            henk53

            Marc Ende wrote:

             

            You cannot change the properties of an already instantiated mbean using xml like the way you would normally configure an mbean. When you'd like to change them you have to do it programmatically.

             

             

            Indeed, maybe unfortunately so, but it's the only way. There are some tricks to make this more straightforward though. For instance, you can create a service EJB (which is JBoss specific) and inject it with the mbean you're wanting to re-configure.

             

            Alternatively, you could also create an mbean yourself that takes as parameters a list of other mbeans and the properties you want to reconfigure on them. I'm a little surprised JBoss didn't provide such an mbean themselves (as they seem to have lots of other such utilities to do all kinds of powerful deployment and configuration stuff).

            Changes you'll do on mbeans properties are always appserver-wide. If you change for example "jboss.security:service=JaasSecurityManager" then this changes affect all your deployed applications.

             

            Exactly, which is yet another reason that you shouldn't really see your AS as a replacement for an isolating multi-tasking OS. At best I would say that different 'deployed applications' on a single AS are more akin to 'application modules' of a single logical application. There is a thin level of isolation between such 'application modules', but there really is nothing that keeps applications that are potentially hostile to each other from running in each other's water.

            • 3. Re: How to change property of already installed mbean via xml?
              mandelbr0t

              From the documentation:

               

              The JaasSecurityManagerService MBean is configured by default for use in the standard JBoss distribution, and you can often use the default configuration as is. The configurable attributes of theJaasSecurityManagerService include:

               

              I note that 1) there is no mention of where this MBean is configured, and 2) no example of a custom SecurityManagerService as Marc suggested. Yes, Marc, you're really damned helpful. And I love having massive changes like this that deprecate most documentation that exists to date. All I want to do is change the damned authentication cache so that authentication is required every time (webapp). Thanks also for removing the flushCacheOnSessionInvalidation parameter from the jboss-web.xml. I really like banging my head against the wall for hours to change one lousy parameter in my security domain. JBoss is truly for masochists.

              • 4. Re: How to change property of already installed mbean via xml?
                mandelbr0t

                Sorry for the trollish reply. I was able to accomplish a complete logout from my webapp, as evidenced by the fact that protected resources pop up the login form immediately after logout. My gripe about the excessive difficulty of such a task still stands though.

                • 5. Re: How to change property of already installed mbean via xml?
                  meme

                  Hmmm... I'm not pretty sure that I understand your posts. As far as I understand, you're trying to do a logout on a Webpage.

                  When you don't want to let the container manage the logout, you can also do it programatically using WebAuthentication and

                  their login logut methods. (see: http://community.jboss.org/wiki/WebAuthentication)

                  • 6. Re: How to change property of already installed mbean via xml?
                    mandelbr0t

                    But that's exactly the problem - the WebAuthentication doesn't take care of all of this stuff. I call WebAuthentication.logout, but I still need to invalidate the session and clear the auth cache myself.

                    • 7. Re: How to change property of already installed mbean via xml?
                      meme

                      The PolicyCache is meant to cache the permissions (for about 30min). So invalidating this cache is not needed for logging out. The logout invalidates the login-information within the session, managed by the container. So it's not responsible for invalidating the whole session.

                      After calling logout() the container shouldn't allow any request to an protected url.

                      • 8. Re: How to change property of already installed mbean via xml?
                        mandelbr0t

                        My testing showed that it did. It was not until I both invalidated the session and flushed the principal from the auth cache that the container intercepted calls to protected resources. I am running JBoss 6.1 Final.

                        • 9. Re: How to change property of already installed mbean via xml?
                          mandelbr0t

                          Hmmm it appears that WebAuthentication.logout() is working properly. I guess my JSF code didn't end up calling it correctly.