1 2 Previous Next 15 Replies Latest reply on Sep 10, 2008 11:19 AM by Micah Cleveland

    How to authenticate to the JBoss server without FORM authent

    Marcos Antonio Novice

      - JBoss 4.2.3.GA
      - Java 5 Update 16

      Hello, everybody!

      I have a web application already in production that uses FORMs authentication as the way for the user to log in in the application. All the business logic that this web application uses is in a EJB jar file deployed in the same server. So, as it uses FORM authentication all the authentication process is handled for me automatically. This is working ok.

      I already have client (Swing) applicatios that connect to the same server and also have to make session bean calls. In order to do so, I had to manually authenticate to the JBoss server in the client application. I used code like this to authenticate the user on the server:

      import javax.naming.CommunicationException;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginContext;
      import javax.security.auth.login.LoginException;
      
      import org.jboss.security.auth.callback.UsernamePasswordHandler;
      
      //
      
      private LoginContext fLoginContext;
      
      public void connect(String userName, String password) throws Exception
      {
       String configFile = "jaas.config";
       System.setProperty("java.security.auth.login.config", configFile);
      
       CallbackHandler manager =
       new UsernamePasswordHandler(userName, password);
       fLoginContext = new LoginContext("login", manager);
       fLoginContext.login();
      
       testLogin();
      }
      
      public void disconnect()
      {
       if (fLoginContext == null)
       {
       throw new UnsupportedOperationException(
       "Connection still not established.");
       }
       try
       {
       fLoginContext.logout();
       }
       catch (LoginException ex)
       {
       MessageDialog.showError(ex.getMessage());
       }
      }
      
      // This method just invokes a function in a real EJB to make the real
      // authentication
      private void testLogin() throws Exception
      {
       IReservaManager reserveManager =
       FabricaDados.getInstance().getReserveManager();
       reserveManager.find();
      }
      


      The code above is working ok as well.

      Now I'm developing another web application. This new web application, as the other web application, also has to make calls on the session beans of another EJB jar file. But this web application doesn't use FORM authentication, so I think I'll have to provide the authentication manually as I did for the client (Swing) application. This is where my doubt is. Do I have to use something similar to the code that I use in the Swing application to authenticate in the web application or is there another way in JBoss to make the authentication from a web application that doesn't use FORM authentication? I'm really in doubt with this.

      So, what's the right idiom (pattern) to authenticate (and disconnect later) to the JBoss server in order to make session bean method calls in a web application that doesn't use FORM authentication?

      Thank you very much.

      Marcos

        • 1. Re: How to authenticate to the JBoss server without FORM aut
          Ragav Gomatam Novice

          There is, I believe another way, without using FORM authentication, you can use Programmatic login (using WebAuthentication) . You will have to refer to the documentation for more details..Check out this url
          http://wiki.jboss.org/wiki/WebAuthentication

          • 2. Re: How to authenticate to the JBoss server without FORM aut
            Marcos Antonio Novice

             

            "ragavgomatam" wrote:
            There is, I believe another way, without using FORM authentication, you can use Programmatic login (using WebAuthentication) . You will have to refer to the documentation for more details..Check out this url
            http://wiki.jboss.org/wiki/WebAuthentication


            Hello, ragavgomatam!

            I've been testing WebAuthentication, as suggested by you, and I'm getting some good, and also strange, results. Below are some test that I made (with comments):

            Test 1 (with a valid user and password):

            WebAuthentication authentication = new WebAuthentication();
            authentication.login("90000005", "1vgd4m");
            System.out.println(context.getUserPrincipal()); // 90000005
            System.out.println(context.isUserInRole("USUARIO")); // true
            System.out.println(context.isUserInRole("ADMINISTRADOR")); // true
            
            // Session bean method call ok
            System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
            
            authentication.logout();
            System.out.println(context.getUserPrincipal()); // null
            System.out.println(context.isUserInRole("USUARIO")); // false
            System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
            


            Test 2 (without a valid user and password):

            WebAuthentication authentication = new WebAuthentication();
            authentication.login("90000005abc", "1vgd4mabc");
            System.out.println(context.getUserPrincipal()); // null
            System.out.println(context.isUserInRole("USUARIO")); // false
            System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
            
            // Session bean method call ok (but why?)
            System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
            
            authentication.logout();
            System.out.println(context.getUserPrincipal()); // null
            System.out.println(context.isUserInRole("USUARIO")); // false
            System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
            


            Test 3 (without authentication):

            // Session bean method call ok (but why? this is very strange)
            System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
            


            Could you explain why the session bean's method calls are working even with a invalid user and even without authentication?

            Thank you.

            Marcos

            • 3. Re: How to authenticate to the JBoss server without FORM aut
              Ragav Gomatam Novice

              Hi,
              Can you please publish your ejb method permissions ?

              • 4. Re: How to authenticate to the JBoss server without FORM aut
                Marcos Antonio Novice

                 

                "ragavgomatam" wrote:
                Hi,
                Can you please publish your ejb method permissions ?


                Hello, ragavgomatam! You solved the problem. I wasn't really securing my EJB methods. After applying the security with the @SecurityDomain and @RolesAllowed annotations, everything worked as expected. Now with a real username and password the session bean method calls works without problems, but with an invalid username and/or password or without authentication it the method calls fail.

                But another issue arised now. It's no more related with programmatically authenticating, but with programmatically loging out from the authentication. I'm using JSF in my web application. So, I put the code to logout in a session backing bean method marked with the @PreDestroy annotation. In JSF, methods marked with this annotation are called when the JSF container dispose of the backing bean that it automatically created. So, I thought that this would be a good place to put the logout code, like this:

                @PreDestroy
                public void finalizar()
                {
                 IAutenticacao autenticacao =
                 FabricaDados.getInstancia().getAutenticacao();
                 autenticacao.logout(); // This just calls webAuthentication.logout() inside
                }
                


                but I get the following error message:

                2008-08-11 08:38:05,546 ERROR [org.jboss.web.jsf.integration.injection.JBossInjectionProvider] PreDestroy failed on managed bean.
                java.lang.reflect.InvocationTargetException
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.apache.catalina.util.DefaultAnnotationProcessor.preDestroy(DefaultAnnotationProcessor.java:112)
                 at org.jboss.web.jsf.integration.injection.JBossInjectionProvider.invokePreDestroy(JBossInjectionProvider.java:80)
                 at com.sun.faces.mgbean.BeanBuilder.destroy(BeanBuilder.java:120)
                 at com.sun.faces.mgbean.BeanManager.destroy(BeanManager.java:248)
                 at com.sun.faces.application.WebappLifecycleListener.handleAttributeEvent(WebappLifecycleListener.java:265)
                 at com.sun.faces.application.WebappLifecycleListener.sessionDestroyed(WebappLifecycleListener.java:133)
                 at com.sun.faces.config.ConfigureListener.sessionDestroyed(ConfigureListener.java:296)
                 at org.apache.catalina.session.StandardSession.expire(StandardSession.java:702)
                 at org.apache.catalina.session.StandardSession.expire(StandardSession.java:660)
                 at org.apache.catalina.session.StandardManager.stop(StandardManager.java:676)
                 at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4523)
                 at org.apache.catalina.core.ContainerBase.destroy(ContainerBase.java:1163)
                 at org.apache.catalina.core.StandardContext.destroy(StandardContext.java:4617)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
                 at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.web.tomcat.service.TomcatDeployer.performUndeployInternal(TomcatDeployer.java:461)
                 at org.jboss.web.tomcat.service.TomcatDeployer.performUndeploy(TomcatDeployer.java:432)
                 at org.jboss.web.AbstractWebDeployer.stop(AbstractWebDeployer.java:422)
                 at org.jboss.web.WebModule.stopModule(WebModule.java:100)
                 at org.jboss.web.WebModule.stopService(WebModule.java:66)
                 at org.jboss.system.ServiceMBeanSupport.jbossInternalStop(ServiceMBeanSupport.java:315)
                 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:247)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
                 at $Proxy0.stop(Unknown Source)
                 at org.jboss.system.ServiceController.stop(ServiceController.java:508)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                 at $Proxy44.stop(Unknown Source)
                 at org.jboss.web.AbstractWebContainer.stop(AbstractWebContainer.java:498)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                 at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
                 at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
                 at org.jboss.wsf.container.jboss42.DeployerInterceptor.stop(DeployerInterceptor.java:98)
                 at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.stop(SubDeployerInterceptorSupport.java:196)
                 at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:99)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                 at $Proxy45.stop(Unknown Source)
                 at org.jboss.deployment.MainDeployer.stop(MainDeployer.java:667)
                 at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:638)
                 at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:632)
                 at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:615)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                 at $Proxy9.undeploy(Unknown Source)
                 at org.jboss.deployment.scanner.URLDeploymentScanner.undeploy(URLDeploymentScanner.java:450)
                 at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:604)
                 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263)
                 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploymentScanner.java:274)
                 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeploymentScanner.java:225)
                Caused by: java.lang.IllegalStateException: request is null
                 at org.jboss.web.tomcat.security.login.WebAuthentication.logout(WebAuthentication.java:115)
                 at br.urca.www.biblioteca.dados.ejb.AutenticacaoEJB.logout(AutenticacaoEJB.java:29)
                 at br.urca.www.biblioteca.web.PesquisaAcervo.finalizar(PesquisaAcervo.java:60)
                 ... 97 more
                2008-08-11 08:38:05,562 ERROR [org.jboss.web.jsf.integration.injection.JBossInjectionProvider] PreDestroy failed on managed bean.
                java.lang.reflect.InvocationTargetException
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.apache.catalina.util.DefaultAnnotationProcessor.preDestroy(DefaultAnnotationProcessor.java:112)
                 at org.jboss.web.jsf.integration.injection.JBossInjectionProvider.invokePreDestroy(JBossInjectionProvider.java:80)
                 at com.sun.faces.mgbean.BeanBuilder.destroy(BeanBuilder.java:120)
                 at com.sun.faces.mgbean.BeanManager.destroy(BeanManager.java:248)
                 at com.sun.faces.application.WebappLifecycleListener.handleAttributeEvent(WebappLifecycleListener.java:265)
                 at com.sun.faces.application.WebappLifecycleListener.attributeRemoved(WebappLifecycleListener.java:189)
                 at com.sun.faces.config.ConfigureListener.attributeRemoved(ConfigureListener.java:333)
                 at org.apache.catalina.session.StandardSession.removeAttributeInternal(StandardSession.java:1670)
                 at org.apache.catalina.session.StandardSession.expire(StandardSession.java:756)
                 at org.apache.catalina.session.StandardSession.expire(StandardSession.java:660)
                 at org.apache.catalina.session.StandardManager.stop(StandardManager.java:676)
                 at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4523)
                 at org.apache.catalina.core.ContainerBase.destroy(ContainerBase.java:1163)
                 at org.apache.catalina.core.StandardContext.destroy(StandardContext.java:4617)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
                 at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.web.tomcat.service.TomcatDeployer.performUndeployInternal(TomcatDeployer.java:461)
                 at org.jboss.web.tomcat.service.TomcatDeployer.performUndeploy(TomcatDeployer.java:432)
                 at org.jboss.web.AbstractWebDeployer.stop(AbstractWebDeployer.java:422)
                 at org.jboss.web.WebModule.stopModule(WebModule.java:100)
                 at org.jboss.web.WebModule.stopService(WebModule.java:66)
                 at org.jboss.system.ServiceMBeanSupport.jbossInternalStop(ServiceMBeanSupport.java:315)
                 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:247)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
                 at $Proxy0.stop(Unknown Source)
                 at org.jboss.system.ServiceController.stop(ServiceController.java:508)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                 at $Proxy44.stop(Unknown Source)
                 at org.jboss.web.AbstractWebContainer.stop(AbstractWebContainer.java:498)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                 at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
                 at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
                 at org.jboss.wsf.container.jboss42.DeployerInterceptor.stop(DeployerInterceptor.java:98)
                 at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.stop(SubDeployerInterceptorSupport.java:196)
                 at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:99)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                 at $Proxy45.stop(Unknown Source)
                 at org.jboss.deployment.MainDeployer.stop(MainDeployer.java:667)
                 at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:638)
                 at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:632)
                 at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:615)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                 at java.lang.reflect.Method.invoke(Unknown Source)
                 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                 at $Proxy9.undeploy(Unknown Source)
                 at org.jboss.deployment.scanner.URLDeploymentScanner.undeploy(URLDeploymentScanner.java:450)
                 at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:604)
                 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263)
                 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploymentScanner.java:274)
                 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeploymentScanner.java:225)
                Caused by: java.lang.IllegalStateException: request is null
                 at org.jboss.web.tomcat.security.login.WebAuthentication.logout(WebAuthentication.java:115)
                 at br.urca.www.biblioteca.dados.ejb.AutenticacaoEJB.logout(AutenticacaoEJB.java:29)
                 at br.urca.www.biblioteca.web.PesquisaAcervo.finalizar(PesquisaAcervo.java:60)
                


                From the message I can understand that at the point that the JSF container calls the method marked with @PreDestroy the request object is already null, as the message shows, so I can understand that this is not really a good point to call the logout method. But I wonder what other point I would make the logout.

                I would appreciate a lot if you have a suggestion to give me about this issue, as I think I have to do the logout. I don't know if JBoss will do this automatically to me at some point. I mean, if it has some kind of timeout for users that are logged in with the WebAuthentication class.

                Thank you.

                Marcos

                • 5. Re: How to authenticate to the JBoss server without FORM aut
                  Ragav Gomatam Novice

                  Try calling HttpSession.invalidate(). When you invalidate the session on log out, Jboss automatiocally clears the Principal from its internal cache.

                  • 6. Re: How to authenticate to the JBoss server without FORM aut
                    Marcos Antonio Novice

                     

                    "ragavgomatam" wrote:
                    Try calling HttpSession.invalidate(). When you invalidate the session on log out, Jboss automatiocally clears the Principal from its internal cache.


                    Are you saying that instead of calling webAuthentication.logout(), I should call something like this:

                    HttpSession session = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);
                    session.invalidate();
                    


                    • 7. Re: How to authenticate to the JBoss server without FORM aut
                      Ragav Gomatam Novice

                      Yes..Try it..This should do a Jaas Log out for you

                      • 8. Re: How to authenticate to the JBoss server without FORM aut
                        Marcos Antonio Novice

                         

                        "ragavgomatam" wrote:
                        Yes..Try it..This should do a Jaas Log out for you


                        ragavgomatam, I've tried with the code:

                        HttpSession session =
                         (HttpSession) FacesContext.getCurrentInstance().
                         getExternalContext().getSession(false);
                        session.invalidate();
                        


                        but unfortunately it doesn't work because at this point in the web life cycle when the web container calls the method marked with the @PreDestroy annotation to do the cleanup, FacesContext.getCurrentInstance() returns null. So, I get the following exception:

                        2008-08-12 08:26:37,343 ERROR [org.jboss.web.jsf.integration.injection.JBossInjectionProvider] PreDestroy failed on managed bean.
                        java.lang.reflect.InvocationTargetException
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.apache.catalina.util.DefaultAnnotationProcessor.preDestroy(DefaultAnnotationProcessor.java:112)
                         at org.jboss.web.jsf.integration.injection.JBossInjectionProvider.invokePreDestroy(JBossInjectionProvider.java:80)
                         at com.sun.faces.mgbean.BeanBuilder.destroy(BeanBuilder.java:120)
                         at com.sun.faces.mgbean.BeanManager.destroy(BeanManager.java:248)
                         at com.sun.faces.application.WebappLifecycleListener.handleAttributeEvent(WebappLifecycleListener.java:265)
                         at com.sun.faces.application.WebappLifecycleListener.sessionDestroyed(WebappLifecycleListener.java:133)
                         at com.sun.faces.config.ConfigureListener.sessionDestroyed(ConfigureListener.java:296)
                         at org.apache.catalina.session.StandardSession.expire(StandardSession.java:702)
                         at org.apache.catalina.session.StandardSession.expire(StandardSession.java:660)
                         at org.apache.catalina.session.StandardManager.stop(StandardManager.java:676)
                         at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4523)
                         at org.apache.catalina.core.ContainerBase.destroy(ContainerBase.java:1163)
                         at org.apache.catalina.core.StandardContext.destroy(StandardContext.java:4617)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
                         at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.web.tomcat.service.TomcatDeployer.performUndeployInternal(TomcatDeployer.java:461)
                         at org.jboss.web.tomcat.service.TomcatDeployer.performUndeploy(TomcatDeployer.java:432)
                         at org.jboss.web.AbstractWebDeployer.stop(AbstractWebDeployer.java:422)
                         at org.jboss.web.WebModule.stopModule(WebModule.java:100)
                         at org.jboss.web.WebModule.stopService(WebModule.java:66)
                         at org.jboss.system.ServiceMBeanSupport.jbossInternalStop(ServiceMBeanSupport.java:315)
                         at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:247)
                         at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
                         at $Proxy0.stop(Unknown Source)
                         at org.jboss.system.ServiceController.stop(ServiceController.java:508)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                         at $Proxy44.stop(Unknown Source)
                         at org.jboss.web.AbstractWebContainer.stop(AbstractWebContainer.java:498)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                         at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
                         at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
                         at org.jboss.wsf.container.jboss42.DeployerInterceptor.stop(DeployerInterceptor.java:98)
                         at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.stop(SubDeployerInterceptorSupport.java:196)
                         at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:99)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                         at $Proxy45.stop(Unknown Source)
                         at org.jboss.deployment.MainDeployer.stop(MainDeployer.java:667)
                         at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:638)
                         at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:632)
                         at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:615)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                         at $Proxy9.undeploy(Unknown Source)
                         at org.jboss.deployment.scanner.URLDeploymentScanner.undeploy(URLDeploymentScanner.java:450)
                         at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:604)
                         at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263)
                         at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploymentScanner.java:274)
                         at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeploymentScanner.java:225)
                        Caused by: java.lang.NullPointerException
                         at br.urca.www.biblioteca.dados.ejb.AutenticacaoEJB.logout(AutenticacaoEJB.java:34)
                         at br.urca.www.biblioteca.web.PesquisaAcervo.finalizar(PesquisaAcervo.java:60)
                         ... 96 more
                        2008-08-12 08:26:37,343 ERROR [org.jboss.web.jsf.integration.injection.JBossInjectionProvider] PreDestroy failed on managed bean.
                        java.lang.reflect.InvocationTargetException
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.apache.catalina.util.DefaultAnnotationProcessor.preDestroy(DefaultAnnotationProcessor.java:112)
                         at org.jboss.web.jsf.integration.injection.JBossInjectionProvider.invokePreDestroy(JBossInjectionProvider.java:80)
                         at com.sun.faces.mgbean.BeanBuilder.destroy(BeanBuilder.java:120)
                         at com.sun.faces.mgbean.BeanManager.destroy(BeanManager.java:248)
                         at com.sun.faces.application.WebappLifecycleListener.handleAttributeEvent(WebappLifecycleListener.java:265)
                         at com.sun.faces.application.WebappLifecycleListener.attributeRemoved(WebappLifecycleListener.java:189)
                         at com.sun.faces.config.ConfigureListener.attributeRemoved(ConfigureListener.java:333)
                         at org.apache.catalina.session.StandardSession.removeAttributeInternal(StandardSession.java:1670)
                         at org.apache.catalina.session.StandardSession.expire(StandardSession.java:756)
                         at org.apache.catalina.session.StandardSession.expire(StandardSession.java:660)
                         at org.apache.catalina.session.StandardManager.stop(StandardManager.java:676)
                         at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4523)
                         at org.apache.catalina.core.ContainerBase.destroy(ContainerBase.java:1163)
                         at org.apache.catalina.core.StandardContext.destroy(StandardContext.java:4617)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
                         at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.web.tomcat.service.TomcatDeployer.performUndeployInternal(TomcatDeployer.java:461)
                         at org.jboss.web.tomcat.service.TomcatDeployer.performUndeploy(TomcatDeployer.java:432)
                         at org.jboss.web.AbstractWebDeployer.stop(AbstractWebDeployer.java:422)
                         at org.jboss.web.WebModule.stopModule(WebModule.java:100)
                         at org.jboss.web.WebModule.stopService(WebModule.java:66)
                         at org.jboss.system.ServiceMBeanSupport.jbossInternalStop(ServiceMBeanSupport.java:315)
                         at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:247)
                         at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
                         at $Proxy0.stop(Unknown Source)
                         at org.jboss.system.ServiceController.stop(ServiceController.java:508)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                         at $Proxy44.stop(Unknown Source)
                         at org.jboss.web.AbstractWebContainer.stop(AbstractWebContainer.java:498)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                         at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
                         at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
                         at org.jboss.wsf.container.jboss42.DeployerInterceptor.stop(DeployerInterceptor.java:98)
                         at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.stop(SubDeployerInterceptorSupport.java:196)
                         at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:99)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                         at $Proxy45.stop(Unknown Source)
                         at org.jboss.deployment.MainDeployer.stop(MainDeployer.java:667)
                         at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:638)
                         at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:632)
                         at org.jboss.deployment.MainDeployer.undeploy(MainDeployer.java:615)
                         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                         at java.lang.reflect.Method.invoke(Unknown Source)
                         at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                         at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                         at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                         at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                         at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                         at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                         at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                         at $Proxy9.undeploy(Unknown Source)
                         at org.jboss.deployment.scanner.URLDeploymentScanner.undeploy(URLDeploymentScanner.java:450)
                         at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:604)
                         at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263)
                         at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploymentScanner.java:274)
                         at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeploymentScanner.java:225)
                        Caused by: java.lang.NullPointerException
                         at br.urca.www.biblioteca.dados.ejb.AutenticacaoEJB.logout(AutenticacaoEJB.java:34)
                         at br.urca.www.biblioteca.web.PesquisaAcervo.finalizar(PesquisaAcervo.java:60)
                        


                        I placed System.out.println calls and I saw that really FacesContext.getCurrentInstance() is returning null at this point. In my application there's not a logout button or whatever for the user to logout. All this is happening when I'm redeploying the application to the server, and the server is in the process of shutting down the old application that was running.

                        This application that I'm developing doesn't have to have any security restrictions. I mean, everyone could access it and I don't need to secure my EJBs restricting access to some roles. So, I was wondering as I'm able to make EJB calls without authentication (as was shown previously), wouldn't be ok to just proceed like this? I think that when I don't provide an authenticated user to JBoss, it is using something like this behind the scenes automatically for me (correct me if I'm wrong), if not I wouldn't be able to make method calls. So, if JBoss releases the resources it allocates when the session expires, it would be ok for me. So, what do you have to tell me about this? How JBoss behave in this case? Is this a good approach for me to follow? If not, what would be another place for me to do the logout from the WebAutentication facility?

                        Thank you.

                        Marcos

                        • 9. Re: How to authenticate to the JBoss server without FORM aut
                          Ragav Gomatam Novice

                           

                          This application that I'm developing doesn't have to have any security restrictions
                          Questions I have are :-
                          (1) If Security is not desired, then why bother. Most certainly you can have unsecured ejb's . This is absolutely ok.
                          (2) If you do not provide any security restrictions by way of special elements entry into your web.xml and jboss-web.xml and ejb-jar.xml , then your application is unsecured. Jboss does nothing special in this case & allows access to any methods that you may call on your ejb's
                          If not, what would be another place for me to do the logout from the WebAutentication facility?

                          Again, do you need authentication ? Else don't bother

                          • 10. Re: How to authenticate to the JBoss server without FORM aut
                            Marcos Antonio Novice

                             

                            "ragavgomatam" wrote:

                            (1) If Security is not desired, then why bother. Most certainly you can have unsecured ejb's . This is absolutely ok.


                            First I thought that in order to make EJB calls I had to be authenticated. So, it was crucial to me to have a place to log out, cancelling the authentication in order to release server resources more quickly. But as my application showed to me, and you confirmed that, I don't need to do so. I can have unsecured EJBs, that way I'm having now. But with these unsecured EJBs, does JBoss still manage the release of resources of the users that are not using the application anymore automatically for me? Maybe this is a naive question, but I would like to make sure anyhow.

                            Marcos

                            • 11. Re: How to authenticate to the JBoss server without FORM aut
                              Ragav Gomatam Novice

                               

                              But with these unsecured EJBs, does JBoss still manage the release of resources of the users that are not using the application anymore automatically for me?

                              Clarify what do you mean by
                              "JBoss still manage the release of resources"
                              What resources are you referring to ?

                              • 12. Re: How to authenticate to the JBoss server without FORM aut
                                Marcos Antonio Novice

                                 

                                "ragavgomatam" wrote:

                                Clarify what do you mean by
                                "JBoss still manage the release of resources"
                                What resources are you referring to ?


                                When I call manually webAuthentication.logout() or session.invalidate() I know that this release some kind of resources on the server more quickly. As I'm not using any of these facilities now with my unsecured EJBs, does JBoss manage the release of things like these automatically for me too? I mean, I don't want to have a lot of memory wasted on the server machine just because I'm running with unsecured EJBs.

                                Marcos

                                • 13. Re: How to authenticate to the JBoss server without FORM aut
                                  Ragav Gomatam Novice

                                  The only resource that jboss caches when you use its security features are the JAAS Subject in ihe HttpSession. In your case, since you are not using security, nothing is cached by Jboss. So don't worry. You are good & no memory is wasted. Enjoy

                                  • 14. Re: How to authenticate to the JBoss server without FORM aut
                                    Marcos Antonio Novice

                                    ragavgomatam, I want to thank you very much for your patience and valuable help in answering my questions. Now I can proceed in my web application development more confident about what I'm doing. Thank you once again.

                                    Marcos

                                    1 2 Previous Next