11 Replies Latest reply on May 24, 2013 9:25 AM by Yassir Barceló

    LoginModule that calls an EJB during logout problem

    alan shields Newbie

      I have a custom login module that calls an EJB during login and logout.

       

      When calling the EJB during logout, because the user's session has been invalidated, JBoss attempts to reauthenticate the user. As my authentication plug-in also makes use of an EJB, that call also attempts to authenticate, and so on until the stack overflows.

       

      Ideally I'd like to be able to make my EJB call during the logout phase as the anonymous user. I've tried Subject.doAs, but the invocation still appears to happen under the recently logged out user.

       

      Does anybody have any suggestions?

       

      Thanks

      Alan

        • 1. Re: LoginModule that calls an EJB during logout problem
          alan shields Newbie

          Just found that calling the EJB in a new Thread causes it to be run as the anonymous user.

           

          This appears to be exactly what I want.
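
The workaround described in the post above, as an added example that is not code from the thread: the EJB call in logout() runs on a short-lived worker thread and is bounded by a timeout, so it cannot recurse into authentication or block the logout. `SessionAudit`, its JNDI name and the 5-second limit are assumptions made for illustration.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InitialContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class AuditingLoginModule extends DatabaseServerLoginModule {
    /** Hypothetical EJB business interface; the thread does not name the real one. */
    public interface SessionAudit { void recordLogout(String user); }

    private static final String AUDIT_JNDI = "java:global/example-app/SessionAuditBean"; // placeholder
    private static final Logger LOG = Logger.getLogger(AuditingLoginModule.class.getName());

    @Override
    public boolean logout() throws LoginException {
        final String user = getIdentity() != null ? getIdentity().getName() : "unknown";
        // Fresh worker thread: per the post above, the call then runs as the anonymous
        // user rather than as the caller whose session was just invalidated.
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            Future<Void> call = worker.submit(new Callable<Void>() {
                public Void call() throws Exception {
                    InitialContext ctx = new InitialContext();
                    try {
                        ((SessionAudit) ctx.lookup(AUDIT_JNDI)).recordLogout(user);
                    } finally {
                        ctx.close();
                    }
                    return null;
                }
            });
            call.get(5, TimeUnit.SECONDS); // bound the wait so logout cannot hang
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        } catch (Exception e) {
            // The session must still end if the audit call fails or times out.
            LOG.log(Level.WARNING, "logout audit call failed", e);
        } finally {
            worker.shutdownNow();
        }
        return super.logout();
    }
}
```

Because the worker thread carries no caller identity, the target EJB method has to be callable by an unauthenticated caller, so it should accept only what it needs to record the logout.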

          • 2. Re: LoginModule that calls an EJB during logout problem
            Stephen Coy Master

            How are you "logging out"?

             

            Are you calling javax.servlet.http.HttpServletRequest#logout()?

             

            Until the 3.0 release of the Servlet Spec, the notion of "logging out" was not well defined at all. On JBoss, you could kind of logout by invalidating the HttpSession. Other vendors provided more explicit (platform dependent) ways of doing it.

             

            Additionally, you're probably invoking the logout from a protected URL, which is why it's trying to reauthenticate. In the past I've always ensured that the "Logout" button or link sends a request to an unprotected URL.

            • 3. Re: LoginModule that calls an EJB during logout problem
              alan shields Newbie

              The front end is using ZK and calls invalidate on both the HttpSession and also the current ZK session. I didn't write that code myself and I'm not familiar with ZK, but I have no reason to suspect a problem here. Also, I get the same behavior if I just allow the HTTP session to time out.

               

              I'm fairly sure from the stack trace that the reason it's trying to reauthenticate is because I am calling a protected EJB in the logout method of my login module.

               

              Cheers

              Alan

              • 4. Re: LoginModule that calls an EJB during logout problem
                Yassir Barceló Newbie

                Hi,

                Alan, I'm doing something like you.

                I have my custom DatabaseLoginModule and I need to invoke an EJB.

                My module.xml looks like this:

                 

                <module xmlns="urn:jboss:module:1.1" name="svc.loginmodule">
                  <resources>
                    <resource-root path="svc.loginmodule-1.0.0.jar"/>
                    <resource-root path="svc.core.operativo-1.0.0-client.jar"/>
                  </resources>

                  <dependencies>
                    <module name="org.picketbox"/>
                    <module name="javax.api"/>
                    <module name="javax.persistence.api"/>
                    <module name="javax.resource.api"/>
                    <module name="javax.security.auth.message.api"/>
                    <module name="javax.security.jacc.api"/>
                    <module name="javax.transaction.api"/>
                    <module name="javax.xml.bind.api"/>
                    <module name="javax.xml.stream.api"/>
                    <module name="org.jboss.common-core"/>
                    <module name="org.jboss.logging"/>
                    <module name="org.infinispan"/>
                  </dependencies>
                </module>

                 

                But when I try to call a method from the EJB, it doesn't work!!! It returns null!!

                Could you help me, please?

                Regards

                • 5. Re: LoginModule that calls an EJB during logout problem
                  alan shields Newbie

                  Hi

                  What does your code look like? How are you looking up the EJB?

                  Cheers

                  Alan

                  • 6. Re: LoginModule that calls an EJB during logout problem
                    Yassir Barceló Newbie

                    Alan, my code:

                    import java.util.List;
                    import javax.ejb.EJB;
                    import com.maxximiza.svc.core.service.module.operativo.EJBIOperativoRemote;
                    // Import for Operador omitted: its package is not shown in the post.

                    public class SvcLoginModule extends org.jboss.security.auth.spi.DatabaseServerLoginModule {

                        private int intentos = 0;

                        @EJB(lookup = "java:global/svc.core.operativo-1.0.0/EJBOperativo!com.maxximiza.svc.core.service.module.operativo.EJBIOperativoRemote")
                        private EJBIOperativoRemote operativo;

                        public boolean login() {
                            boolean result = false;
                            try {
                                System.out.println("Autenticando");
                                System.out.println("Voy pal ejb");
                                List<Operador> aeros = operativo.findAllOperadores();  // This is only for testing.
                                System.out.println("Numero de aerolineas:" + aeros.size());
                                result = super.login();
                            } catch (Exception ex) {
                                ex.printStackTrace();
                            }
                            return result;
                        }
                    }

                    Any suggestions?

                    • 7. Re: LoginModule that calls an EJB during logout problem
                      alan shields Newbie

                      Hi

                      Yes, you can't inject into a login module; you need to look up the bean from a naming context the old-fashioned way.

                       

                      Something like:

                       

                      // javax.naming.InitialContext; the constructor and lookup() throw NamingException
                      InitialContext ctx = new InitialContext();
                      operativo = (EJBIOperativoRemote) ctx.lookup("java:global/svc.core.operativo-1.0.0/EJBOperativo!com.maxximiza.svc.core.service.module.operativo.EJBIOperativoRemote");

                       

                      Cheers

                      Alan
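
The lookup suggested above, placed in a complete login module as an added example (not code posted in the thread). Class, interface and JNDI names are taken from the posts; the `failed` helper and its message text are assumptions. It also fails closed: in JAAS, `login()` returning false means "ignore this module", so a backend error is raised as a `LoginException` instead.

```java
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;
import com.maxximiza.svc.core.service.module.operativo.EJBIOperativoRemote;

public class SvcLoginModule extends DatabaseServerLoginModule {
    private static final String OPERATIVO_JNDI =
        "java:global/svc.core.operativo-1.0.0/EJBOperativo"
        + "!com.maxximiza.svc.core.service.module.operativo.EJBIOperativoRemote";

    // No container injection happens here, so resolve the bean by JNDI name.
    private EJBIOperativoRemote lookupOperativo() throws NamingException {
        InitialContext ctx = new InitialContext();
        try {
            return (EJBIOperativoRemote) ctx.lookup(OPERATIVO_JNDI);
        } finally {
            ctx.close();
        }
    }

    @Override
    public boolean login() throws LoginException {
        try {
            EJBIOperativoRemote operativo = lookupOperativo();
            operativo.findAllOperadores(); // the test call from the thread
        } catch (NamingException e) {
            throw failed(e);
        } catch (RuntimeException e) { // e.g. EJBException from the remote call
            throw failed(e);
        }
        // Only reached when the EJB call succeeded; the password check follows.
        return super.login();
    }

    // Hypothetical helper: wrap the cause without exposing details to the caller.
    private static LoginException failed(Exception cause) {
        LoginException le = new LoginException("authentication backend unavailable");
        le.initCause(cause);
        return le;
    }
}
```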

                      • 8. Re: LoginModule that calls an EJB during logout problem
                        Yassir Barceló Newbie

                        Hey!! Alan.  It's working!!

                        Now I have another issue, but it is not a problem.

                        Thanks so much!!!!

                         

                        Yassir.

                        • 9. Re: LoginModule that calls an EJB during logout problem
                          Yassir Barceló Newbie

                          Hi Alan,

                          May I disturb you?

                          I have this problem:

                          • As you see in my first message, I have the module svc.loginmodule in jboss711/modules/svc/loginmodule

                           

                          <module xmlns="urn:jboss:module:1.1" name="svc.loginmodule">
                            <resources>
                              <resource-root path="svc.loginmodule-1.0.0.jar"/>
                              <resource-root path="svc.security-1.0.0-client"/>
                            </resources>

                          • The svc.loginmodule-1.0.0.jar has to invoke the EJB to execute some methods. Because of that, I have put in the svc.security-1.0.0-client.jar, which is the client of the EJB.

                                 But when I deploy svc.security-1.0.0.jar (EJB) to the JBoss deployments, I get this error: "no jndi bindings will be created for ejb since no views are exposed"

                           

                          What could be happening?

                          Regards.

                          • 10. Re: LoginModule that calls an EJB during logout problem
                            alan shields Newbie

                            Hi

                            I don't know, but this looks more like a general EJB deployment problem than anything to do with the login module. Does your implementation bean definitely implement the local interface?

                            I'm not sure how the class loading for the interfaces will work, as I believe the EJB deployment needs to be able to access the same jar that the login module accesses. Maybe you need to install the plug-in as a JBoss module so that you can then have a dependency to it from the EJB implementation.

                            I don't know whether this is an option for you, but I have my login module deployed as part of my application, which makes things a lot easier, but it would probably be a problem if you have other applications that use that domain and you undeploy the application with the login module.

                             

                             

                            Cheers

                            Alan

                            • 11. Re: LoginModule that calls an EJB during logout problem
                              Yassir Barceló Newbie

                              Hi Alan, thank you so much for your response...

                              I was thinking about the option you told me about, deploying my login module as part of my application. You are right, the problem would be the other applications; yes, we have almost 4 webapps.

                              What if I build one application only with the custom login module and, depending on the role, I redirect to the defined webapp, and the other webapps are configured for access by the defined role? Do you understand me?

                              I will try.

                              Regards.

                              Yassir.