0 Replies Latest reply on May 30, 2007 5:16 AM by Roman Heinrich

    User does not logout after performing logout

    Roman Heinrich Newbie

      Hi,

      i`m performing login via this method:

      public void authenticateUser(String userName,
      String password) throws MBeanServiceIdentitySecurityException
      {
      log.debug("entering authenticateUser");
      subj = new Subject();
      try {
      lctx = new LoginContext(SECURITY_DOMAIN_LC_ID,
      subj,
      new MBeanServiceIndentityCallbackHandler(userName,password)
      );
      lctx.login();

      IshopPrincipal p = getCurrentUserForMBean();
      log.debug("Authenticated user (Ishop principal id: "+p.getId()+")");

      log.debug("Adding principal to SecurityAssociation");
      org.jboss.security.SecurityAssociation.pushSubjectContext(subj,p,password);


      } catch (LoginException e)
      {
      log.error(e.getLocalizedMessage(),e);
      throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
      }
      }

      then i`m calling ejb method :

      InitialContext ctx = new InitialContext();
      UsersBeanLocalHome home = (UsersBeanLocalHome) ctx.lookup(UsersBeanLocalHome.JNDI_NAME);
      UsersBeanLocal loc = home.create();
      u = loc.selfGetUser();

      which is protected by security role.

      Next i`m calling this:

      public void logoutUser() throws MBeanServiceIdentitySecurityException
      {
      log.debug("entering logoutUser");
      assertVars();
      try {
      lctx.logout();
      } catch (LoginException e) {
      log.error(e.getLocalizedMessage(),e);
      throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
      }
      subj = null;
      lctx = null;
      }

      then i`m calling u = loc.selfGetUser(); and logged user is still there. Am i missing something or there is an bug in JBOSS 4.0.3SP1.

      Thanks.