3 Replies Latest reply on Dec 17, 2004 11:54 AM by Scott Stark

    client JAAS logout from two different j2ee applications prob

    Catalin Kormos Newbie

      Hi,

      I have two j2ee applications deployed inside a JBoss3.2.3 instance; each of the applications has its own security domain and i use the same client application to access them. For each of the two j2ee applications i've wrote a coresponding custom server login module; for the login part everything works fine, depending on to which application the login is made (using different LoginContext instances), the corresponding login module is invoked to perform authentication. But when i wan't to logout only from one app (using again different LoginContext instances) the other login module is invoked...which normaly doesn't know about the user that wants to logout. Here is the error on the server side:

      2004-12-15 14:06:10,375 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=Administrator
      2004-12-15 14:06:10,375 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=Administrator
       at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:107)
       at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
       at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)
       at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:144)
       at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:62)
       at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invoke(StatefulSessionInstanceInterceptor.java:269)
       at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
       at org.jboss.ejb.StatefulSessionContainer.internalInvoke(StatefulSessionContainer.java:416)
       at org.jboss.ejb.Container.invoke(Container.java:700)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:367)
       at sun.reflect.GeneratedMethodAccessor95.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
       at sun.rmi.transport.Transport$1.run(Transport.java:148)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
       at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
       at java.lang.Thread.run(Thread.java:534)


      My client auth.conf file:

      c-lims-client
      {
       ro.citrusmedia.lims.base.ui.moduleparts.security.CLCLientLoginModule required
       ;
      
       org.jboss.security.ClientLoginModule required
       ;
      };
      
      c-lims-web-client
      {
       org.jboss.security.ClientLoginModule required
       ;
      };


      When i want to logout from "c-lims-web-client" the "c-lims-client" login module is invoked to perform the action..

      Any ideeas on what i'm doing wrong?

      Thanks