-
1. Problem keeping a user logged between threads
wolfgangknauf Mar 31, 2011 7:59 AM (in response to kitome)Hi,
take a look at this thread: http://community.jboss.org/thread/43907
Which JBoss version do you use?
Hope this helps
Wolfgang
-
2. Re: Problem keeping a user logged between threads
kitome Mar 31, 2011 9:30 AM (in response to wolfgangknauf)Hi Wolfgang, and thanks for your reply.
I'm using JBoss 5.1.0.GA and I just read the thread you linked and I think we have the same issue. I modified the code to use the .setClient() but it didnt work. Here is a snippet of the code I use to do the login:
SecurityClient securedClient = null;
try {
SecurityContextAssociation.setClient();
securedClient = SecurityClientFactory.getSecurityClient();
securedClient.setSimple(userLogin, password);
securedClient.login();
} catch (Exception e) {
securedClient.logout();
}
Also, I'm trying to configure this:
org.jboss.security.ClientLoginModule required
multi-threaded=false;
But I cant find where should I do that.
-
3. Problem keeping a user logged between threads
wolfgangknauf Mar 31, 2011 10:46 AM (in response to kitome)Hi,
the "multi-threaded=false" fragment needs to be places in a file "auth.conf", and thus you have to use a JAAS login instead of "simple" login. See the security FAQ at http://community.jboss.org/wiki/SecurityFAQ - the answers for question 10 shows you the first steps of performing a JAAS login. If there are more questions left, feel free to ask. Unfortunately, I did not find an english website which explains this in detail.
Alternative: did you try to set the system property "org.jboss.security.context.ThreadLocal=false", as described in https://issues.jboss.org/browse/SECURITY-415
Best regards
Wolfgang
-
4. Re: Problem keeping a user logged between threads
kitome Mar 31, 2011 10:57 AM (in response to wolfgangknauf)Hello again!
I used the SecurityContextAssociation.setClient(); before I call SecurityClientFactory.getSecurityClient(); and had no luck, then I created an auth.conf file and put it into my resources and it didnt seem to work either. Dunno if I have to do anything else other than just creating the file.
Inside the auth.conf is:
jmx-console {
org.jboss.security.ClientLoginModule required;
multi-threaded=false;
};
EDIT: I haven't tried yet the JAAS login you suggested above
-
5. Re: Problem keeping a user logged between threads
kitome Mar 31, 2011 1:34 PM (in response to wolfgangknauf)Hi again,
I tried to use the JAAS login but I get an exception and it won't even login now... It seems like if it isn't recognizing the security domain I specify as the first parameter 'cuz it throws and execption when I initialize the LoginContext Object.
I did set the system property "org.jboss.security.context.ThreadLocal=false" with System.setProperty("org.jboss.security.context.ThreadLocal", "false"); but the problem is still there.
-
6. Re: Problem keeping a user logged between threads
kitome Mar 31, 2011 4:20 PM (in response to kitome)Well I finally tried the JAAS login with the suggested auth.conf and still have the same problem: I can login in the main thread but the authentitation is ost in its children threads.
Here is the code that does the login:
System.setProperty("java.security.auth.login.config","conf/auth.conf");
System.setProperty("org.jboss.security.context.ThreadLocal", "false");
SecurityAssociationHandler handler = new SecurityAssociationHandler();
SimplePrincipal userJAAS = new SimplePrincipal(user);
handler.setSecurityInfo(userJAAS, password);
LoginContext loginContext =
new LoginContext("jmx-console",
(CallbackHandler) handler);
// SecurityContextAssociation.setClient();
loginContext.login();
I really dunno what is wrong since apparently everything is "fine", I really appreciate any help or guidance anyone could give.
Thanks in advance.