-
1. Re: In JBoss AS 7, how to set JAAS default cache timeout?
ybxiang.china Aug 3, 2012 8:30 AM (in response to ybxiang.china)
All examples about JBoss 7 JAAS on the network do NOT mention this issue.
If there is a standalone.dtd, it will be better.
Please help me. Thank you in advance.
-
2. Re: In JBoss AS 7, how to set JAAS default cache timeout?
ybxiang.china Aug 3, 2012 8:39 AM (in response to ybxiang.china)
I am reading jboss-as-config_1_2.xsd, I hope it is the right one.
-
3. Re: In JBoss AS 7, how to set JAAS default cache timeout?
ybxiang.china Aug 3, 2012 8:42 AM (in response to ybxiang.china)
There is only one attribute "name" defined for jaasAuthenticationType.
-
4. Re: In JBoss AS 7, how to set JAAS default cache timeout?
dlofthouse Aug 3, 2012 8:48 AM (in response to ybxiang.china)
1 of 1 people found this helpful
If you are configuring the security subsystem you need to be looking at the 'jboss-as-security_1_*.xsd' as that is the one specific to the subsystem - the config you are looking at is the general top level schema.
-
5. Re: In JBoss AS 7, how to set JAAS default cache timeout?
kieselhorst Nov 16, 2012 7:59 AM (in response to dlofthouse)
I found out that cache-type="default" has to be set to enable caching. An alternative would be "infinispan". Unfortunately I've found nothing on configuring these variants, only that it can be disabled by removing the cache-type attribute.
-
6. Re: In JBoss AS 7, how to set JAAS default cache timeout?
kliczko Nov 4, 2013 9:30 PM (in response to ybxiang.china)
Have you got any idea how to configure the infinispan cache?
I get a strange situation:
- when cache-type="default" in security-domain -> authentication works correctly.
- when I use the configuration below -> I am not able to log in (there are no errors on the JBoss console)
======
...
<security-domain name="myJaasDomain" cache-type="infinispan">
...
<subsystem xmlns="urn:jboss:domain:infinispan:1.2" default-cache-container="web">
    <cache-container name="cluster" aliases="ha-partition" default-cache="default">
        <transport lock-timeout="60000"/>
        <replicated-cache name="default" mode="SYNC" batching="true">
            <locking isolation="REPEATABLE_READ"/>
        </replicated-cache>
    </cache-container>
    <cache-container name="web" aliases="standard-session-cache" default-cache="repl">
        <transport lock-timeout="60000"/>
        <replicated-cache name="repl" mode="ASYNC" batching="true">
            <file-store/>
        </replicated-cache>
        <replicated-cache name="sso" mode="SYNC" batching="true"/>
        <distributed-cache name="dist" mode="ASYNC" batching="true">
            <file-store/>
        </distributed-cache>
    </cache-container>
    <cache-container name="ejb" aliases="sfsb sfsb-cache" default-cache="repl">
        <transport lock-timeout="60000"/>
        <replicated-cache name="repl" mode="ASYNC" batching="true">
            <file-store/>
        </replicated-cache>
        <replicated-cache name="remote-connector-client-mappings" mode="SYNC" batching="true"/>
        <distributed-cache name="dist" mode="ASYNC" batching="true">
            <file-store/>
        </distributed-cache>
    </cache-container>
    <cache-container name="hibernate" default-cache="local-query">
        <transport lock-timeout="60000"/>
        <local-cache name="local-query">
            <transaction mode="NONE"/>
            <expiration max-idle="100000"/>
        </local-cache>
        <invalidation-cache name="entity" mode="SYNC">
            <transaction mode="NON_XA"/>
            <expiration max-idle="100000"/>
        </invalidation-cache>
        <replicated-cache name="timestamps" mode="ASYNC">
            <transaction mode="NONE"/>
        </replicated-cache>
    </cache-container>
</subsystem>
...
======
Have you got any idea what is wrong in my configuration?
Regards,
Artur
-
7. Re: In JBoss AS 7, how to set JAAS default cache timeout?
darrenjones Nov 8, 2013 4:21 AM (in response to kliczko)
1 of 1 people found this helpful
I know this is an old thread, but I found the answer to this one hard to find, so thought I'd post here for others.
Authentication cache setup is described here:
[AS7-322] Add authentication cache for standalone server - JBoss Issue Tracker
So basically, you need something like this in your infinispan subsystem configuration (this is for wildfly, should work similarly in AS7 too). Authentication is cached for 10 seconds in this example. The "security" and "auth-cache" strings must be used:
<subsystem xmlns="urn:jboss:domain:infinispan:2.0">
    <cache-container name="security" aliases="standard-security-cache" default-cache="auth-cache" module="org.wildfly.clustering.web.infinispan">
        <local-cache name="auth-cache" batching="true">
            <expiration lifespan="10000"/>
        </local-cache>
    </cache-container>
    ...
-
8. Re: In JBoss AS 7, how to set JAAS default cache timeout?
ybxiang.china Nov 8, 2013 10:11 AM (in response to kliczko)
Sorry, no.
-
9. Re: In JBoss AS 7, how to set JAAS default cache timeout?
kliczko Nov 8, 2013 11:03 AM (in response to darrenjones)
Thanks Darren.
For JBoss EAP 6.1 the standalone.xml configuration below somehow works:
------------------------------------------------------------------------------------------------------
...
<subsystem xmlns="urn:jboss:domain:infinispan:1.4">
    <cache-container name="security" default-cache="auth-cache">
    </cache-container>
    ...
<security-domain name="myJaasDomain" cache-type="infinispan">
...
------------------------------------------------------------------------------------------------------
-
10. Re: In JBoss AS 7, how to set JAAS default cache timeout?
farmerzen Mar 21, 2014 7:33 PM (in response to ybxiang.china)
Hi,
Any news on this?! I also googled solutions on this and found nothing on the web!
I also tried the example described here and the solution will not work on AS7.1.1 Final!
Cheers
-
11. Re: In JBoss AS 7, how to set JAAS default cache timeout?
ybxiang.china Mar 23, 2014 7:32 AM (in response to farmerzen)
You can refresh somebody's data in the JAAS cache or refresh the whole JAAS cache programmatically:
import java.util.logging.Logger; // assumed: the post does not show which Logger it imports

import javax.annotation.security.PermitAll;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.Stateless;

// IJaasCacheSession and ICoreService are the poster's own interfaces (not shown in the post).
@Stateless
@Local(IJaasCacheSession.class)
public class JaasCacheSession implements IJaasCacheSession {
    Logger log = Logger.getLogger(JaasCacheSession.class.getName());

    @EJB
    ICoreService coreService;

    // Flushes every cached entry of the given security domain through its management MBean.
    // @PermitAll leaves this method callable without any role check.
    @PermitAll()
    public void flushJaasCache(String securityDomain) {
        try {
            javax.management.MBeanServerConnection mbeanServerConnection
                    = java.lang.management.ManagementFactory
                            .getPlatformMBeanServer();
            // securityDomain is concatenated into the ObjectName as-is.
            javax.management.ObjectName mbeanName = new javax.management.ObjectName(
                    "jboss.as:subsystem=security,security-domain="
                            + securityDomain);
            // No-argument flushCache operation: no parameters, no signature.
            mbeanServerConnection.invoke(mbeanName, "flushCache", null, null);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    // Flushes only the cached entry of one user in the given security domain.
    @PermitAll()
    public void flushJaasCache(String securityDomain, String jaasUsername) {
        try {
            Object[] params = { jaasUsername };
            String[] signature = { "java.lang.String" };
            javax.management.MBeanServerConnection mbeanServerConnection
                    = java.lang.management.ManagementFactory
                            .getPlatformMBeanServer();
            javax.management.ObjectName mbeanName = new javax.management.ObjectName(
                    "jboss.as:subsystem=security,security-domain="
                            + securityDomain);
            mbeanServerConnection.invoke(mbeanName, "flushCache", params,
                    signature);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    // Convenience wrappers bound to the application's own security domain.
    @PermitAll()
    public void flushJavaarmForumSecurityDomainJaasCache() {
        flushJaasCache(coreService.getJavaarmForumJaasSecurityDomain());
    }

    @PermitAll()
    public void flushJavaarmForumSecurityDomainJaasCache(String jaasUsername) {
        flushJaasCache(coreService.getJavaarmForumJaasSecurityDomain(), jaasUsername);
    }
}
-
12. Re: In JBoss AS 7, how to set JAAS default cache timeout?
farmerzen Mar 23, 2014 1:00 PM (in response to ybxiang.china)
So it means there isn't a per-container configuration?? You can only set it programmatically? And do you know what the difference is between cache=default and cache=infinispan? Isn't the AS7 default cache implementation infinispan?
Thanks, best regards
-
13. Re: In JBoss AS 7, how to set JAAS default cache timeout?
darrenjones Mar 24, 2014 4:41 PM (in response to farmerzen)
The AS7 default cache is not "infinispan" - it's a simple in-memory cache. The cache type must be explicitly set to "infinispan", and the corresponding "security" cache-container must be configured, as per the above examples (post 9 is probably the closest example for JBoss 7.1.1).
If this is not working, could you post your infinispan subsystem and security-domain configuration?
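
The rules stated in posts 5, 7 and 13 can be checked mechanically against a standalone.xml. The following is an added example, not code from the thread or from the JBoss project: it takes those posts' statements as its rules, and the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a configuration from the thread.
SAMPLE = """<server xmlns="urn:jboss:domain:1.4"><profile>
  <subsystem xmlns="urn:jboss:domain:infinispan:1.4">
    <cache-container name="security" default-cache="auth-cache">
      <local-cache name="auth-cache"><expiration lifespan="10000"/></local-cache>
    </cache-container></subsystem>
  <subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
    <security-domain name="appDomain" cache-type="infinispan"/>
    <security-domain name="legacyDomain" cache-type="default"/>
    <security-domain name="noCacheDomain"/>
  </security-domains></subsystem>
</profile></server>"""

def find_all(root, name):
    """Match on local name so any versioned subsystem namespace is accepted."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def security_cache_lifespan(root):
    """Return (container_found, lifespan_ms or None) for the 'security' container."""
    for cc in find_all(root, "cache-container"):
        if cc.get("name") == "security":
            default = cc.get("default-cache")
            spans = [e.get("lifespan") for c in cc
                     if default and c.get("name") == default
                     for e in find_all(c, "expiration") if e.get("lifespan")]
            return True, (int(spans[0]) if spans else None)
    return False, None

def audit(xml_text):
    """Map each security-domain name to a finding about its authentication cache."""
    root, report = ET.fromstring(xml_text), {}
    found, lifespan = security_cache_lifespan(root)
    for parent in find_all(root, "security-domains"):
        for dom in parent:
            ctype = dom.get("cache-type")
            if ctype is None:
                msg = "no cache-type: caching disabled"
            elif ctype != "infinispan":
                msg = ctype + ": infinispan expiration does not apply"
            elif not found:
                msg = "infinispan: 'security' cache-container missing"
            elif lifespan is None:
                msg = "infinispan: no expiration lifespan on default cache"
            else:
                msg = "infinispan: entries expire after %d ms" % lifespan
            report[dom.get("name")] = msg
    return report
```

Running `audit()` on the text of a real standalone.xml shows, per domain, whether an infinispan `lifespan` is actually the setting that bounds how long a cached authentication stays valid.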
-
14. Re: In JBoss AS 7, how to set JAAS default cache timeout?
farmerzen Mar 25, 2014 6:33 AM (in response to darrenjones)
Hi Darren,
Well I was trying to configure the default cache system! But I cannot find any example of how to configure JaasSecurityManagerService timeouts in JBoss7...
Then I tried to move to infinispan.... but then it seems that the container simply bypasses the cache-type="infinispan" and uses default! Weird...
Here it is a test configuration:
<subsystem xmlns="urn:jboss:domain:infinispan:1.2" default-cache-container="hibernate">
    ......
    <cache-container name="security" default-cache="auth-cache">
        <local-cache name="auth-cache" batching="true">
            <expiration lifespan="30000"/>
        </local-cache>
    </cache-container>
</subsystem>
then on security domains:
<security-domain name="QualificationRealm" cache-type="default">
    <authentication>
        <login-module code="Kerberos" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="principal" value="HTTP/ONCALL.qualification.loc@QUALIFICATION.LOC"/>
            <module-option name="keyTab" value="D:\web-servers\jboss-as-7.1.1.final-oncall\standalone\configuration\sso\oncall.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="true"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="OncallRealm" cache-type="infinispan">
    <authentication>
        <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="serverSecurityDomain" value="QualificationRealm"/>
            <module-option name="removeRealmFromPrincipal" value="true"/>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="dsJndiName" value="java:jboss/datasources/oncall"/>
            <module-option name="principalsQuery" value="select USERID from ONCALL_USER where lower(LOGIN)=lower(?) and ACTIVE = 1"/>
            <module-option name="rolesQuery" value="select 'ONCALL_USER', 'Roles' from ONCALL_USER where lower(LOGIN)=lower(?)"/>
        </login-module>
    </authentication>
</security-domain>
From my tests, this configuration still uses the default cache timeout, which is 30 minutes... and not the 30 seconds I've configured in infinispan...
Well I wanted to know two things....
How can I configure the JaasSecurityManagerService in Jboss7 or how can I set the default cache timeout?
What is missing from my configuration so that SPNEGOLoginModule and DatabaseServerLoginModule start to use infinispan!?
Thank you very much