8 Replies Latest reply on Jul 21, 2002 11:34 AM by Matt Vincent

    Can I force JAAS Security to refresh?

    Aaron Rustad Newbie

      In my application, I have a menu that presents options based on the user's role. The problem I am having is that once the user logs in, is authenticated, and then logs out, his role remains the same even if the administrator changes it. The only way JAAS recognizes that he is in a new role, is if I restart the server.

      I can only assume that JAAS or JBossSX is in some way caching the roles associated with that user. Maybe I should clarify this, after the user logs out, JAAS still requires him to be authenticated, but like I said, his role remains the same.

      Thanks for your insight!
      BGOT.

        • 1. Re: Can I force JAAS Security to refresh?
          Matt Hollingsworth Newbie

          Does anyone know if this is achievable? I have a similar requirement...

          Thanks
          Matt

          • 2. Re: Can I force JAAS Security to refresh?
            Matt Hollingsworth Newbie

            Invoking "flushAuthenticationCache" on the JaasSecurityManager mbean flushes the cache for the specified domain.

            Don't know of a way to flush on a per-user basis however.

            • 3. Re: Can I force JAAS Security to refresh?
              Pranab Ghosh Newbie

              I desparately need this fix. Which version of JBOSS are you using. I don't see any reference to JaasSecurityManager mbean anywhere. It's not in jboss-jass.jar

              Pranab

              • 4. Re: Can I force JAAS Security to refresh?
                Pranab Ghosh Newbie

                I can't find any reference to JaasSecurityManager mbean anywhere. Which version of JBOSS are you using? I need this fix real bad. Please advice.

                Thanks,
                Pranab

                • 5. Re: Can I force JAAS Security to refresh?
                  Matt Hollingsworth Newbie

                  I'm using 3.0.0.

                  The mbean name is "jboss.security:name=JaasSecurityManager", and the operation name is "flushAuthenticationCache".

                  • 6. Re: Can I force JAAS Security to refresh?
                    Brian Newbie

                    Does anyone know how to get it to refresh in JBoss 2.4.6? I desparately need this fix too.

                    Thanks,
                    tool

                    • 7. Re: Can I force JAAS Security to refresh?
                      Matt Vincent Newbie

                      This is available in ver. 2.4.4

                      http://localhost:8082/ViewObjectRes//Security%3Aname%3DJaasSecurityManager

                      This MBean takes a parameter. If I code:

                      LoginContext lc = new LoginContext("client-login", handler);

                      Then I assume that the MBean parameter is client-login?

                      Can anyone direct me to a code sample for programmatically invoking the MBean method (instead of going through port 8082)?

                      Thanks.

                      • 8. Re: Can I force JAAS Security to refresh?
                        Matt Vincent Newbie

                        Should have figured this one out...

                        The argument to flushAuthenticationCache is the security domain. (e.g. String jndiName = "java:/jaas/" + securityDomain)

                        (see org.jboss.security.plugins.JaasSecurityManagerService.java)

                        Here's the code to programmatically flush the cache:


                        /*
                        * JBoss, the OpenSource EJB server
                        *
                        * Distributable under LGPL license.
                        * See terms of license at gnu.org.
                        */

                        package org.jboss.docs.jaas.howto;

                        import java.io.File;
                        import java.net.URL;

                        import javax.management.ObjectName;
                        import javax.naming.InitialContext;

                        import org.jboss.jmx.interfaces.JMXAdaptor;

                        /**
                        *
                        *
                        * @see
                        * @author Rickard Öberg (rickard.oberg@telkel.com)
                        * @version $Revision: 1.6 $
                        */
                        public class FlushAuthCache
                        {
                        // Constants -----------------------------------------------------

                        // Attributes ----------------------------------------------------

                        // Static --------------------------------------------------------
                        public static void main(String[] args)
                        throws Exception {
                        if (args.length != 1) {
                        System.out.println("Usage: ");
                        return;
                        } else {
                        System.out.println("flushAuthenticationCache(" + args[0] + ")");
                        FlushAuthCache flusher = new FlushAuthCache();
                        flusher.flushAuthenticationCache(args[0]);
                        return;
                        }
                        }

                        // Constructors --------------------------------------------------

                        // Public --------------------------------------------------------
                        public void flushAuthenticationCache(String domain)
                        throws Exception
                        {
                        ObjectName containerFactory = createFactoryName();

                        JMXAdaptor server = lookupAdaptor();

                        server.invoke(containerFactory,
                        "flushAuthenticationCache",
                        new Object[] { domain },
                        new String[] { "java.lang.String" });
                        }

                        /** creation of objectname for the deployer
                        * factored out
                        * @author cgjung
                        */
                        protected ObjectName createFactoryName() throws javax.management.MalformedObjectNameException {
                        return new ObjectName("Security:name=JaasSecurityManager");
                        }


                        /** lookup of JMXadaptor factored out
                        * @author cgjung
                        */
                        protected JMXAdaptor lookupAdaptor() throws javax.naming.NamingException {
                        return (JMXAdaptor)new InitialContext().lookup("jmx");
                        }


                        // Protected -----------------------------------------------------
                        }