0 Replies Latest reply on Aug 26, 2014 2:40 PM by dhileman

    Wildfly 8.0 Final; Problem flushing security cache

    dhileman

      Hi community!

       

      1)

      I am having an issue with Wildfly 8.0 Final security.  I am using container security for a web application.  In the application, I have an interface for changing user roles.  The problem is, after changing the assigned roles of a user, the new roles don't take affect unless I restart the application server.  From what I can tell, the solution to this is to simply set this flag flushOnSessionInvalidation:

       

      <security-domain flushOnSessionInvalidation="true">java:/jaas/jdbcSecurityRealm</security-domain>
      
      

       

      This does not have any effect. Apparently there is a bug which causes this to not work, which is scheduled to be fixed in 9.0 ([WFLY-3221] flushOnSessionInvalidation attribute in jboss-web.xml does not flush user credentials - JBoss Issue Tracker).

       

      2)

      So, I found a workaround, or so I thought.  I setup a session listener, and calling the flush-cache operation from the sessionDestroyed method, like this (wow i can't figure out how to insert a code block. It is forcing it into an html table):

      @Override
      public void sessionDestroyed(HttpSessionEvent event)
      {
      String username = getUsername(event);
      clearSecurityCache(username);
      }
      public void clearSecurityCache(String username)
      {
      try
      {
          ObjectName jaasMgr = new ObjectName("jboss.as:subsystem=security,security-domain=jdbcSecurityRealm" );
          Object[] params = {username};
          String[] signature = {"java.lang.String"};
          MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
          server.invoke(jaasMgr, "flushCache", params, signature);
          System.out.println("Cleared security cache for user " + username);
      }
      catch (Exception ex)
      {
          ex.printStackTrace();
      }
      }

       

       

      3)

      Now the problem: This workaround (flushing cache) does work great on my local machine, in standalone mode, but when I deploy this to our dev environment, which is a 2-node wildfly cluster domain, an error is thrown when trying to flush the cache from the session listener.  Here is the error:

      [Server:server-three] 13:43:46,110 ERROR [stderr] (default task-5) javax.management.InstanceNotFoundException: JBAS011342: No operation called 'flush-cache'
      [Server:server-three] 13:43:46,110 ERROR [stderr] (default task-5) at org.jboss.as.jmx.model.ModelControllerMBeanHelper.invoke(ModelControllerMBeanHelper.java:409)
      [Server:server-three] 13:43:46,111 ERROR [stderr] (default task-5) at org.jboss.as.jmx.model.ModelControllerMBeanHelper.invoke(ModelControllerMBeanHelper.java:404)
      [Server:server-three] 13:43:46,111 ERROR [stderr] (default task-5) at org.jboss.as.jmx.model.ModelControllerMBeanServerPlugin.invoke(ModelControllerMBeanServerPlugin.java:140)
      [Server:server-three] 13:43:46,111 ERROR [stderr] (default task-5) at org.jboss.as.jmx.PluggableMBeanServerImpl.invoke(PluggableMBeanServerImpl.java:732)
      [Server:server-three] 13:43:46,111 ERROR [stderr] (default task-5) at bmacs.util.SessionListener.clearSecurityCache(Unknown Source)
      [Server:server-three] 13:43:46,111 ERROR [stderr] (default task-5) at bmacs.util.SessionListener.sessionDestroyed(Unknown Source)
      [Server:server-three] 13:43:46,112 ERROR [stderr] (default task-5) at io.undertow.servlet.core.ApplicationListeners.sessionDestroyed(ApplicationListeners.java:264)
      [Server:server-three] 13:43:46,112 ERROR [stderr] (default task-5) at io.undertow.servlet.core.SessionListenerBridge.sessionDestroyed(SessionListenerBridge.java:48)
      [Server:server-three] 13:43:46,112 ERROR [stderr] (default task-5) at io.undertow.server.session.SessionListeners.sessionDestroyed(SessionListeners.java:38)
      [Server:server-three] 13:43:46,112 ERROR [stderr] (default task-5) at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:376)
      [Server:server-three] 13:43:46,113 ERROR [stderr] (default task-5) at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:362)
      [Server:server-three] 13:43:46,113 ERROR [stderr] (default task-5) at io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:197)
      [Server:server-three] 13:43:46,113 ERROR [stderr] (default task-5) at org.apache.jsp.logout_jsp._jspService(logout_jsp.java:101)
      [Server:server-three] 13:43:46,113 ERROR [stderr] (default task-5) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:69)
      [Server:server-three] 13:43:46,114 ERROR [stderr] (default task-5) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      [Server:server-three] 13:43:46,114 ERROR [stderr] (default task-5) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:366)
      [Server:server-three] 13:43:46,114 ERROR [stderr] (default task-5) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:326)
      [Server:server-three] 13:43:46,114 ERROR [stderr] (default task-5) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:259)
      [Server:server-three] 13:43:46,114 ERROR [stderr] (default task-5) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      [Server:server-three] 13:43:46,115 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      [Server:server-three] 13:43:46,115 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
      [Server:server-three] 13:43:46,115 ERROR [stderr] (default task-5) at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:96)
      [Server:server-three] 13:43:46,115 ERROR [stderr] (default task-5) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:56)
      [Server:server-three] 13:43:46,115 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
      [Server:server-three] 13:43:46,116 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
      [Server:server-three] 13:43:46,116 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
      [Server:server-three] 13:43:46,116 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      [Server:server-three] 13:43:46,116 ERROR [stderr] (default task-5) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      [Server:server-three] 13:43:46,117 ERROR [stderr] (default task-5) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
      [Server:server-three] 13:43:46,117 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
      [Server:server-three] 13:43:46,117 ERROR [stderr] (default task-5) at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:52)
      [Server:server-three] 13:43:46,117 ERROR [stderr] (default task-5) at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
      [Server:server-three] 13:43:46,117 ERROR [stderr] (default task-5) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
      [Server:server-three] 13:43:46,118 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
      [Server:server-three] 13:43:46,118 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
      [Server:server-three] 13:43:46,118 ERROR [stderr] (default task-5) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
      [Server:server-three] 13:43:46,118 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
      [Server:server-three] 13:43:46,119 ERROR [stderr] (default task-5) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
      [Server:server-three] 13:43:46,119 ERROR [stderr] (default task-5) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
      [Server:server-three] 13:43:46,119 ERROR [stderr] (default task-5) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      [Server:server-three] 13:43:46,119 ERROR [stderr] (default task-5) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
      [Server:server-three] 13:43:46,119 ERROR [stderr] (default task-5) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
      [Server:server-three] 13:43:46,120 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
      [Server:server-three] 13:43:46,120 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
      [Server:server-three] 13:43:46,120 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
      [Server:server-three] 13:43:46,121 ERROR [stderr] (default task-5) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
      [Server:server-three] 13:43:46,121 ERROR [stderr] (default task-5) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)
      [Server:server-three] 13:43:46,124 ERROR [stderr] (default task-5) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687)
      [Server:server-three] 13:43:46,125 ERROR [stderr] (default task-5) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      [Server:server-three] 13:43:46,125 ERROR [stderr] (default task-5) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      [Server:server-three] 13:43:46,125 ERROR [stderr] (default task-5) at java.lang.Thread.run(Thread.java:744)
      
      

       

       

      So, any ideas what this means "javax.management.InstanceNotFoundException: JBAS011342: No operation called 'flush-cache'"?