Security check for all logged in users failed when a user is
I have a situation where a single user logs out (or fails to login) causing all other users that already logged in fail to reauthenticate. My application security module is working fine as long as each client session that creates a LoginContext runs in a separate jre.
Example 1: If there are 3 users bob, joe and mary logged in the system from the same client machine running under the same jre. If user joe logs out would cause users bob & mary security check to fail. The error shows that the security principal for user bob & mary is null causing them fail to re-authenticate.
Example 2: If there are 2 users bob and mary logged in the system from the same client machine running under the same jre. If user joe logs under the same jre using a wrong password would cause users bob & mary security check to fail. The error shows that the security principal for user bob & mary is now joe causing them fail to re-authenticate due to incorrect password.
One may question why run all 3 instances of client LoginContext under the same jre? well, it's simply because this is our thin client app, and it runs inside the Tomcat servlet engine that gets executed under the same jre. The same configuration works for WebLogic & WebSphere.
Thanks for reviewing the case. If you have a solution or any hints to help resolving this problem, I really appreciate your help.
Thanks,
Quoc
Here is the exception generated in example 1:
java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:118)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:96)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:9
7)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
at $Proxy3.getPartByKey(Unknown Source)
at com.datasweep.plantops.proxies.jboss.rmiImpl.ObjectRetrievalRMIImpl$PrivilegedAction_96.r
un(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:320)
at com.datasweep.plantops.proxies.jboss.rmiImpl.ObjectRetrievalRMIImpl.getPartByKey(Unknown
Source)
at TestClient.run(TestClient.java:52)
at TestClient.main(TestClient.java:68)
Caused by: java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:347)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:195)
at org.jboss.ejb.plugins.CleanShutdownInterceptor.invoke(CleanShutdownInterceptor.java:264)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.
java:122)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
at org.jboss.ejb.Container.invoke(Container.java:854)
at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:77
5)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.ja
va:174)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
... 24 more
java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:118)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:96)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:9
7)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
at $Proxy3.getPartByKey(Unknown Source)
at com.datasweep.plantops.proxies.jboss.rmiImpl.ObjectRetrievalRMIImpl$PrivilegedAction_96.r
un(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:320)
at com.datasweep.plantops.proxies.jboss.rmiImpl.ObjectRetrievalRMIImpl.getPartByKey(Unknown
Source)
at TestClient.run(TestClient.java:52)
at TestClient.main(TestClient.java:68)
Caused by: java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:347)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:195)
at org.jboss.ejb.plugins.CleanShutdownInterceptor.invoke(CleanShutdownInterceptor.java:264)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.
java:122)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
at org.jboss.ejb.Container.invoke(Container.java:854)
at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:77
5)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.ja
va:174)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
... 24 more
Exception in thread "main" java.rmi.ServerException: RemoteException occurred in server thread; nest
ed exception is:
java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:118)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:96)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:9
7)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
at $Proxy3.getPartByKey(Unknown Source)
at com.datasweep.plantops.proxies.jboss.rmiImpl.ObjectRetrievalRMIImpl$PrivilegedAction_96.r
un(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:320)
at com.datasweep.plantops.proxies.jboss.rmiImpl.ObjectRetrievalRMIImpl.getPartByKey(Unknown
Source)
at TestClient.run(TestClient.java:52)
at TestClient.main(TestClient.java:68)
Caused by: java.rmi.ServerException: EJBException:; nested exception is:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:347)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:195)
at org.jboss.ejb.plugins.CleanShutdownInterceptor.invoke(CleanShutdownInterceptor.java:264)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.
java:122)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
at org.jboss.ejb.Container.invoke(Container.java:854)
at sun.reflect.GeneratedMethodAccessor134.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:77
5)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
at sun.reflect.GeneratedMethodAccessor133.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.ja
va:174)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
... 24 more