4 Replies Latest reply on Jan 23, 2009 3:50 AM by tom.iten

    getCallerPrincipal().getName() cached? with JBoss 5.0.0.GA

      Hi everybody

      I'm logging the name of the principal and always getting the same name
      from the first invocation of the bean. The calls are made from a standalone
      client under different user names.

      ...
      SessionContext ctx;

      public double getRate(CurrencyType from, CurrencyType to) {

          // get principal name
          System.out.println("getRate for user "
                  + ctx.getCallerPrincipal().getName());

          ...
      }
      
      
      



      Any help is appreciated.
      Best Regards
      Tom

        • 1. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
          ragavgomatam

          YES, JBoss caches the Principal in your HttpSession for the duration of your session timeout. Check the login-config.xml. You can turn it off if you desire.

          • 2. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.

            Hi

            I'm using a stateless session bean. Between separate client invocations I'm getting the same principal name. The roles change to the new user, but
            the name is still the old one.

            Is there also a timeout for stateless session beans? This would confuse me a bit since they go back to the pool.

            Best Regards
            Tom

            • 3. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
              ragavgomatam

              I suppose you are doing LoginContext.login() from your client. After login, you must be invoking methods on a secured EJB. Did you check whether you are calling LoginContext.logout() after completing the call?

              Also try setting "DefaultCacheTimeout" in the jboss-service.xml to 0. Try it and see if it helps. Besides, I am quite sure that it is not guaranteed by EJB container vendors to return different instances of stateless EJBs between different invocations. So, don't expect different stateless instances to be returned for different client invocations. You could be getting the same underlying instance. So don't program expecting different instances to be returned.

              Yes, you can tinker around with the EJB pool. Be cautious whilst you do that.

              • 4. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.

                Hi ragavgomatam

                Thanks for your support. To your questions:

                Yes, I do log in and log out. I have two different versions: one with the setSimple login method and one with JAAS. It doesn't work for both.
                I also tried the sample with the proposed cache value set to 0, but I still have the same problem.

                The roles of the different users are as expected, but the name is still the same. For stateless session beans there shouldn't be any caching of the principal, since after a business call invocation they can be assigned to another client. What do you think?

                Best Regards
                Tom


                EJB Code:

                // CurrencyType, Rate, Bonus and MoneyExchangeRemote are the
                // application's own types (not shown in the post).
                import java.util.List;

                import javax.annotation.Resource;
                import javax.annotation.security.DeclareRoles;
                import javax.annotation.security.RolesAllowed;
                import javax.ejb.SessionContext;
                import javax.ejb.Stateless;
                import javax.persistence.EntityManager;
                import javax.persistence.NoResultException;
                import javax.persistence.PersistenceContext;
                import javax.persistence.Query;

                import org.jboss.ejb3.annotation.RemoteBinding;
                import org.jboss.ejb3.annotation.SecurityDomain;

                @Stateless
                @RemoteBinding(jndiBinding = "ejb/MoneyExchange")
                @SecurityDomain("MoneyExchangeDomain")
                @RolesAllowed("Customer")
                @DeclareRoles("VIP")
                public class MoneyExchangeBean implements MoneyExchangeRemote {

                    @PersistenceContext(unitName = "MoneyExchangePu")
                    private EntityManager em;

                    @Resource
                    SessionContext ctx;

                    public double getRate(CurrencyType from, CurrencyType to) {

                        // get principal name
                        System.out.println("getRate for user "
                                + ctx.getCallerPrincipal().getName());

                        // get rate
                        double rate = searchRate(from, to);

                        // calculate bonus rate for VIPs
                        if (ctx.isCallerInRole("VIP")) {
                            int percent = getVIPBonus();
                            rate = rate * (1 + (percent / 100.0));
                        }

                        return rate;
                    }

                    @RolesAllowed("Administrator")
                    public void setRates(List<Rate> rates) {

                        em.createQuery("delete from Rate").executeUpdate();

                        for (Rate rate : rates) {
                            em.persist(rate);
                        }
                    }

                    @RolesAllowed("VIP")
                    public int getVIPBonus() {

                        Bonus bonus = em.find(Bonus.class, "VIP");
                        int result = 5; // default vip bonus in percent

                        if (bonus != null) {
                            result = bonus.getPercent();
                        }

                        return result;
                    }

                    @RolesAllowed("Administrator")
                    public void setVIPBonus(int percent) {
                        Bonus bonus = new Bonus("VIP", percent);

                        if (em.find(Bonus.class, bonus.getRole()) == null) {
                            em.persist(bonus);
                        } else {
                            em.merge(bonus);
                        }
                    }

                    private double searchRate(CurrencyType from, CurrencyType to) {

                        Rate rate;
                        double result;
                        Query query = em
                                .createQuery("select r from Rate r where r.from=:from and r.to=:to");

                        try {

                            // search from/to
                            query.setParameter("from", from);
                            query.setParameter("to", to);
                            rate = (Rate) query.getSingleResult();

                            result = rate.getRate();

                        } catch (NoResultException e) {

                            // search to/from and swap rate
                            query.setParameter("from", to);
                            query.setParameter("to", from);
                            rate = (Rate) query.getSingleResult();

                            result = 1 / rate.getRate();
                        }

                        return result;
                    }

                } // end of class
                



                Client with simple Login:
                import java.util.ArrayList;
                import java.util.Hashtable;
                import java.util.List;

                import javax.ejb.EJBAccessException;
                import javax.naming.Context;
                import javax.naming.InitialContext;
                import javax.naming.NamingException;

                import org.jboss.security.client.SecurityClient;
                import org.jboss.security.client.SecurityClientFactory;

                public class SimpleMoneyExchangeClient {

                    SecurityClient securityClient;

                    private void login(String user, String password) throws Exception {
                        securityClient = SecurityClientFactory.getSecurityClient();
                        securityClient.setSimple(user, password.toCharArray());
                        securityClient.login();
                    }

                    private void logout() {
                        securityClient.logout();
                    }

                    private Context getInitialContext() throws NamingException {

                        Hashtable<String, String> env = new Hashtable<String, String>();

                        env.put(Context.INITIAL_CONTEXT_FACTORY,
                                "org.jnp.interfaces.NamingContextFactory");
                        env.put(Context.URL_PKG_PREFIXES,
                                "org.jboss.naming;org.jnp.interfaces");
                        env.put(Context.PROVIDER_URL, "jnp://localhost:1099");

                        InitialContext initialContext = new InitialContext(env);

                        return initialContext;
                    }

                    private MoneyExchangeRemote getRemote() throws Exception {

                        // get initial context
                        Context ctx = getInitialContext();

                        // get object reference
                        return (MoneyExchangeRemote) ctx.lookup("ejb/MoneyExchange");
                    }

                    public void setRates(String user, String password) throws Exception {

                        // init
                        login(user, password);

                        MoneyExchangeRemote remote = getRemote();

                        // set rates
                        List<Rate> rates = new ArrayList<Rate>();
                        rates.add(new Rate(CurrencyType.CHF, CurrencyType.USD, 0.83));
                        rates.add(new Rate(CurrencyType.CHF, CurrencyType.EUR, 0.65));
                        rates.add(new Rate(CurrencyType.EUR, CurrencyType.USD, 1.37));

                        remote.setRates(rates);

                        // set vip bonus
                        remote.setVIPBonus(20);

                        // logout
                        logout();
                    }

                    public void getRates(String user, String password) throws Exception {

                        // init
                        login(user, password);
                        MoneyExchangeRemote remote = getRemote();

                        // get rates
                        System.out.println("\n" + user + "'s rates:");

                        System.out.println(" CHF/EUR = "
                                + remote.getRate(CurrencyType.CHF, CurrencyType.EUR));

                        System.out.println(" CHF/USD = "
                                + remote.getRate(CurrencyType.CHF, CurrencyType.USD));

                        System.out.println(" USD/CHF = "
                                + remote.getRate(CurrencyType.USD, CurrencyType.CHF));

                        // get bonus
                        try {
                            System.out.println(" bonus is " + remote.getVIPBonus()
                                    + " percent");

                        } catch (EJBAccessException e) {

                            System.out.println(" no bonus (access denied)");
                        }

                        // logout
                        logout();
                    }

                    public static void main(String[] args) {

                        try {
                            SimpleMoneyExchangeClient client = new SimpleMoneyExchangeClient();

                            client.setRates("admin", "verysecret");
                            client.getRates("tom", "secret");
                            client.getRates("sam", "anothersecret");

                        } catch (Exception e) {
                            e.printStackTrace();
                        }
                    }

                } // end of class
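
Replies 3 and 4 leave two explanations open: the same pooled bean instance is being reused, or the container returns a stale principal name while evaluating roles for the current caller. The interceptor below is an added diagnostic, not code from the thread or from JBoss, that logs both facts per call; the class name `CallerAuditInterceptor` is hypothetical, the role names are taken from the posted bean, and it assumes attachment via `@Interceptors(CallerAuditInterceptor.class)` on `MoneyExchangeBean`.

```java
import javax.annotation.Resource;
import javax.ejb.EJBContext;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;

/**
 * Added diagnostic (hypothetical class, not part of the posted application).
 * Logs who the container says the caller is for every business method call.
 */
public class CallerAuditInterceptor {

    // Role names as they appear in the annotations of the posted bean.
    private static final String[] ROLES = { "Customer", "VIP", "Administrator" };

    // EJB 3 interceptors share the injection environment of the bean they wrap.
    @Resource
    private EJBContext ctx;

    @AroundInvoke
    public Object audit(InvocationContext ic) throws Exception {
        String name = ctx.getCallerPrincipal().getName();

        // Collect the roles the container grants to the current caller.
        StringBuilder roles = new StringBuilder();
        for (String role : ROLES) {
            if (ctx.isCallerInRole(role)) {
                if (roles.length() > 0) {
                    roles.append(',');
                }
                roles.append(role);
            }
        }

        // identityHashCode tells pooled bean instances apart; the thread name
        // shows which server worker thread handled the call.
        System.out.println("audit method=" + ic.getMethod().getName()
                + " principal=" + name
                + " roles=[" + roles + "]"
                + " instance=" + Integer.toHexString(System.identityHashCode(ic.getTarget()))
                + " thread=" + Thread.currentThread().getName());

        return ic.proceed();
    }
}
```

Comparing the `principal` and `roles` fields across the calls made as "tom" and "sam" shows whether the stale name follows a particular bean instance or worker thread, or appears regardless of either.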