-
1. Re: Very Very Urgent !! Multiple User
fenilya May 5, 2004 2:51 PM (in response to anbenham)
What kind of application do you have? Do you make use of jsp/servlets? HTTP sessions? If so, how do you keep track of Appserver sessions?
-
2. Re: Very Very Urgent !! Multiple User
starksm64 May 5, 2004 7:33 PM (in response to anbenham)
Using what version of jboss?
-
3. Re: Very Very Urgent !! Multiple User
anbenham May 6, 2004 2:35 AM (in response to anbenham)
I am using 3.2.3.
How to keep track of appserver sessions?
-
4. Re: Very Very Urgent !! Multiple User
starksm64 May 6, 2004 12:02 PM (in response to anbenham)
Then show the code that is having the problem and describe how you are setting up the security. The request.getUserPrincipal() value is only valid in the context of the request thread that entered the servlet service method.
-
5. Re: Very Very Urgent !! Multiple User
anbenham May 7, 2004 5:18 AM (in response to anbenham)
Hi,
Here are my details:
RuntimeEnvironment:
JBoss 3.2.3 with Tomcat 4.1
Configuration:
1-Single Sign On in Tomcat enabled
2-I use my own implementation of the LoginModule
3-I use my own implementation of the Principal
Implementation:
LoginModule

    public boolean commit() throws LoginException {
        if (!loginOk)
            return false;
        Set principals = subject.getPrincipals();
        // Add Principal
        principals.add(getIdentity());
        // Add Roles
        Group[] roleSets = getRoleSets();
        for (int g = 0; g < roleSets.length; g++) {
            Group group = roleSets[g];
            String name = group.getName();
            Group subjectGroup = createGroup(name, principals);
            if (subjectGroup instanceof NestableGroup) {
                SimpleGroup tmp = new SimpleGroup("Roles");
                subjectGroup.addMember(tmp);
                subjectGroup = tmp;
            }
            // Copy the group members to the Subject group
            Enumeration members = group.members();
            while (members.hasMoreElements()) {
                Principal role = (Principal) members.nextElement();
                subjectGroup.addMember(role);
            }
        }
        return true;
    }

    public Group[] getRoleSets() throws LoginException {
        SimpleGroup userRoles = new SimpleGroup("Roles");
        SimpleGroup callerPrincipalGroup = new SimpleGroup("CallerPrincipal");
        Set set = new HashSet();
        // Roles to Group "Roles"
        try {
            set = (Set) bereMgr.getBenutzerrollen();
        } catch (DzException e) {
            throw new LoginException(e.getMessage());
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String rolle = (String) it.next();
            // Add each role to the "Roles" principal
            userRoles.addMember(new BereFunktion(rolle));
        }
        // Principal into Group "CallerPrincipal"
        callerPrincipalGroup.addMember(getIdentity());
        Group[] roleSets = { userRoles, callerPrincipalGroup };
        return roleSets;
    }

Getting my Implementation of the principal DZPrincipal

    Principal principal = SecurityAssociation.getPrincipal();
    if (principal instanceof DZPrincipal)
        return (DZPrincipal) principal;
    else {
        Subject subject = SecurityAssociation.getSubject();
        Set principals = subject.getPrincipals();
        Iterator i = principals.iterator();
        while (i.hasNext()) {
            Principal p = (Principal) i.next();
            if (p instanceof DZPrincipal)
                return (DZPrincipal) p;
        }
    }

I use this method to get my Principal, because request.getUserPrincipal() sometimes returns an instance of SimplePrincipal.
Is this information sufficient?
-
6. Re: Very Very Urgent !! Multiple User Problem
anbenham May 14, 2004 11:47 AM (in response to anbenham)
Scott please would you reply to this question?
I still have this problem.
Sometimes when many users work simultaneously, one user gets the session of the other.
See my configuration and implementation over here.
My logout implementation:
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=49616
thanx in advance
best regards
anis
-
7. Re: Very Very Urgent !! Multiple User
starksm64 May 14, 2004 12:19 PM (in response to anbenham)
Create a bug report on sourceforge with a sample that illustrates the problem and include the login module and sso configurations.
http://sourceforge.net/tracker/?group_id=22866&atid=376685
-
8. Re: Very Very Urgent !! Multiple User
anbenham May 18, 2004 4:51 AM (in response to anbenham)
Hi,
I think I found a reason for my problem.
I have noticed that when I try to call a secure page in my App, SecurityAssociation.getPrincipal() sometimes returns a Principal that is logged in another session/thread.
I have added a test output in the login page to see the contents of request.getUserPrincipal() and SecurityAssociation.getPrincipal().
Sometimes when another user is logged on, I get the following case:
request.getRemoteUser() : null
request.getUserprincipal() : null
SecurityAssosciation.getPrincipal(): anis
Is this normal?
-
9. Re: Very Very Urgent !! Multiple User
starksm64 May 21, 2004 11:17 AM (in response to anbenham)
I can't say without seeing what your code is doing. The SecurityAssociation api is really not a public api. It's a thread local in the server so you cannot be seeing another thread's association. The request.getUserPrincipal() is null whenever you access an unsecured page.
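
Added example (not part of the original thread and not JBoss code): a thread-local association belongs to the worker thread, not to the HTTP session, so a value bound during one request stays visible to the next request served by the same pooled thread unless it is cleared. The sketch below uses a plain ThreadLocal and hypothetical names (CURRENT_USER, securedRequest, unsecuredRequest) to show that behaviour and the clear-in-finally remedy; it illustrates the mechanism only and assumes nothing about the application discussed here.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration: a plain ThreadLocal stands in for a per-thread security
// association. All names are hypothetical; this is not JBoss code.
public class ThreadLocalIdentityDemo {
    private static final ThreadLocal<String> CURRENT_USER = new ThreadLocal<>();

    // Simulates a request to a secured page: authentication binds the caller
    // to the worker thread. If 'clear' is false the binding is left behind.
    static Runnable securedRequest(String user, boolean clear) {
        return () -> {
            CURRENT_USER.set(user);
            try {
                // ... request handling would run here ...
            } finally {
                if (clear) {
                    CURRENT_USER.remove(); // unbind before the thread is reused
                }
            }
        };
    }

    // Simulates a request to an unsecured page: nobody authenticates, the
    // handler only reads whatever is associated with the current thread.
    static String unsecuredRequest(ExecutorService worker) throws Exception {
        Callable<String> read = CURRENT_USER::get;
        return worker.submit(read).get();
    }

    static String run(boolean clear) throws Exception {
        // One worker thread, so both requests are served by the same thread,
        // as happens when a container reuses pooled request threads.
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            worker.submit(securedRequest("anis", clear)).get();
            return unsecuredRequest(worker);
        } finally {
            worker.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("binding left in place: " + run(false));
        System.out.println("binding cleared:       " + run(true));
    }
}
```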
-
10. Re: Very Very Urgent !! Multiple User
anbenham May 24, 2004 4:01 AM (in response to anbenham)
OK, I'll try to build a sample showing how my application is working. BTW how to upload code here?
Anyway it's sure that calling SecurityAssociation.getPrincipal() doesn't always return null if the user is not logged in. Sometimes it returns another principal of a user logged in in another session.
Best regards anis
-
11. Re: Very Very Urgent !! Multiple User
anbenham May 24, 2004 10:23 AM (in response to anbenham)
How can I upload code to show how my application is working?
-
12. Re: Very Very Urgent !! Multiple User
starksm64 May 24, 2004 10:32 AM (in response to anbenham)
By creating a bug report on sourceforge as I mentioned earlier. Bug reports are initiated here:
http://sourceforge.net/tracker/?group_id=22866&atid=376685
-
13. Re: Very Very Urgent !! Multiple User
bjornbak May 27, 2004 3:09 AM (in response to anbenham)
I have similar symptoms with JBoss_3.2.3-Jetty_4.2.14, SecurityFilter, S. Radford's com.aegus.securityfiler.JBossRealmAdapter and a custom LoginModule.
Our system is rather complex so I can't describe it here, but my investigations seem to point to a mixup of session objects in the ejb or security layers.
-
14. Re: Very Very Urgent !! Multiple User
anbenham May 28, 2004 9:57 AM (in response to anbenham)
OK, I have reported a bug.
See http://sourceforge.net/tracker/index.php?func=detail&aid=962223&group_id=22866&atid=376685.