4 Replies Latest reply on Feb 26, 2004 4:12 PM by martin0

    "caching" subjects/principals on the server side

    eddie07
    eddie07 Nov 12, 2003 10:09 AM

      I set up JAAs and it works fine with one exception.
      Each time my client is calling a method of a session bean the complete security code for authentication/authorization is executed again. This is very cpu-intensive because of the involved database queries (I am using an own module derived from AbstractServerLoginModule).
      Isn't there a way for the application server to find out that this client has already been authorized and roles assigned? This information doesn't seem to be sent back to the client (is it possible to do this?) and the server is not able to "map" the client to a subject. Or am I doing something wrong?

      Thanks for your help,
      Eddie

      • 3466 Views
      • Tags:
        • 1. Re: "caching" subjects/principals on the server side
          juha Nov 12, 2003 3:20 PM (in response to eddie07)

          There's an authentication cache in the default distribution already.

          -- Juha

            • Actions
          • 2. Re: "caching" subjects/principals on the server side
            eddie07
            eddie07 Nov 13, 2003 4:38 AM (in response to eddie07)

            Thanks for your answer.

            > There's an authentication cache in the default
            > distribution already.

            I know this, and I am using the default cache. When I am examining it with jmx-console I can see that my principal is stored - and it is used as long as one request from the client is executed, e.g. if a session bean calls other beans.
            But as soon as the client is doing the next request (without calling login again), my ServerLoginModul is doing everything again.

            How should jboss recognize that the client is already authenticated?

            Eddie

            PS: To get a better understanding I tried to use example 8 of the jboss book, but I couldn't compile it because I couldn't find ServiceMBeanSupport in any of the jar files. Where can I find this class file? I am using jboss-3.2.1

              • Actions
            • 3. Re: "caching" subjects/principals on the server side
              ebdr
              ebdr Nov 13, 2003 5:16 PM (in response to eddie07)

              Hi I am not sure if this will fix your problem. I had a similar problem where an authenticated user was not recognized properly by the server. In order to overcome this problem, I stored the LoginContext, with which the user was logged in, in the user's session and had a servlet filter call the LoginContext::login() method at each request.

              -Eric

                • Actions
              • 4. Re:
                martin0
                martin0 Feb 26, 2004 4:12 PM (in response to eddie07)

                Eric,

                That's sounds interesting - can you elaborate?

                Thanks
                Martin

                  • Actions