1. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
ragavgomatam Jan 19, 2009 12:53 PM (in response to tom.iten)
YES, JBoss caches the Principal in your HttpSession for the duration of your session timeout. Check the login-config.xml. You can turn it off if you desire.
2. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
tom.iten Jan 20, 2009 2:29 PM (in response to tom.iten)
Hi
I'm using a stateless session bean. Between separate client invocations I'm getting the same Principal name. The roles change to the new user, but the name is still the old one.
Is there also a timeout for stateless session beans? This would confuse me a bit since they go back to the pool.
Best Regards
Tom
3. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
ragavgomatam Jan 20, 2009 8:57 PM (in response to tom.iten)
I suppose you are doing LoginContext.login() from your client. After login, you must be invoking methods on a secured EJB. Did you check whether you are calling LoginContext.logout() after completing the call?
Also try setting "DefaultCacheTimeout" in the jboss-service.xml to 0. Try and see if it helps. Besides, I am quite sure that it is not guaranteed by EJB container vendors to return different instances of stateless EJBs between different invocations. So don't expect different stateless instances to be returned for different client invocations. You could be getting the same underlying instance. So don't program expecting different instances to be returned.
Yes, you can tinker around with the EJB pool. Be cautious whilst you do that.
4. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
tom.iten Jan 23, 2009 3:50 AM (in response to tom.iten)
Hi ragavgomatam
Thanks for your support. To your questions:
Yes, I do log in and log out. I have two different versions: one with the setSimple login method and one with JAAS. It doesn't work for either.
I also tried the sample with the proposed cache value set to 0, but I still have the same problem.
The roles of the different users are as expected, but the name is still the same. For stateless session beans there shouldn't be any caching of the principal, since after a business call invocation they can be assigned to another client. What do you think?
Best Regards
Tom
EJB Code:

    import java.util.List;

    import javax.annotation.Resource;
    import javax.annotation.security.DeclareRoles;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;
    import javax.persistence.EntityManager;
    import javax.persistence.NoResultException;
    import javax.persistence.PersistenceContext;
    import javax.persistence.Query;

    import org.jboss.ejb3.annotation.RemoteBinding;
    import org.jboss.ejb3.annotation.SecurityDomain;

    // Rate, Bonus, CurrencyType and MoneyExchangeRemote are application
    // classes that are not shown in this post.
    @Stateless
    @RemoteBinding(jndiBinding = "ejb/MoneyExchange")
    @SecurityDomain("MoneyExchangeDomain")
    @RolesAllowed("Customer")
    @DeclareRoles("VIP")
    public class MoneyExchangeBean implements MoneyExchangeRemote {

        @PersistenceContext(unitName = "MoneyExchangePu")
        private EntityManager em;

        @Resource
        SessionContext ctx;

        public double getRate(CurrencyType from, CurrencyType to) {
            // get principal name
            System.out.println("getRate for user "
                    + ctx.getCallerPrincipal().getName());
            // get rate
            double rate = searchRate(from, to);
            // calculate bonus rate for VIPs
            if (ctx.isCallerInRole("VIP")) {
                int percent = getVIPBonus();
                rate = rate * (1 + (percent / 100.0));
            }
            return rate;
        }

        @RolesAllowed("Administrator")
        public void setRates(List<Rate> rates) {
            em.createQuery("delete from Rate").executeUpdate();
            for (Rate rate : rates) {
                em.persist(rate);
            }
        }

        @RolesAllowed("VIP")
        public int getVIPBonus() {
            Bonus bonus = em.find(Bonus.class, "VIP");
            int result = 5; // default vip bonus in percent
            if (bonus != null) {
                result = bonus.getPercent();
            }
            return result;
        }

        @RolesAllowed("Administrator")
        public void setVIPBonus(int percent) {
            Bonus bonus = new Bonus("VIP", percent);
            if (em.find(Bonus.class, bonus.getRole()) == null) {
                em.persist(bonus);
            } else {
                em.merge(bonus);
            }
        }

        private double searchRate(CurrencyType from, CurrencyType to) {
            Rate rate;
            double result;
            Query query = em
                    .createQuery("select r from Rate r where r.from=:from and r.to=:to");
            try {
                // search from/to
                query.setParameter("from", from);
                query.setParameter("to", to);
                rate = (Rate) query.getSingleResult();
                result = rate.getRate();
            } catch (NoResultException e) {
                // search to/from and swap rate
                query.setParameter("from", to);
                query.setParameter("to", from);
                rate = (Rate) query.getSingleResult();
                result = 1 / rate.getRate();
            }
            return result;
        }
    } // end of class
Client with simple Login:

    import java.util.ArrayList;
    import java.util.Hashtable;
    import java.util.List;

    import javax.ejb.EJBAccessException;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;

    import org.jboss.security.client.SecurityClient;
    import org.jboss.security.client.SecurityClientFactory;

    public class SimpleMoneyExchangeClient {

        SecurityClient securityClient;

        private void login(String user, String password) throws Exception {
            securityClient = SecurityClientFactory.getSecurityClient();
            securityClient.setSimple(user, password.toCharArray());
            securityClient.login();
        }

        private void logout() {
            securityClient.logout();
        }

        private Context getInitialContext() throws NamingException {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "org.jnp.interfaces.NamingContextFactory");
            env.put(Context.URL_PKG_PREFIXES,
                    "org.jboss.naming;org.jnp.interfaces");
            env.put(Context.PROVIDER_URL, "jnp://localhost:1099");
            InitialContext initialContext = new InitialContext(env);
            return initialContext;
        }

        private MoneyExchangeRemote getRemote() throws Exception {
            // get initial context
            Context ctx = getInitialContext();
            // get object reference
            return (MoneyExchangeRemote) ctx.lookup("ejb/MoneyExchange");
        }

        public void setRates(String user, String password) throws Exception {
            // init
            login(user, password);
            MoneyExchangeRemote remote = getRemote();
            // set rates
            List<Rate> rates = new ArrayList<Rate>();
            rates.add(new Rate(CurrencyType.CHF, CurrencyType.USD, 0.83));
            rates.add(new Rate(CurrencyType.CHF, CurrencyType.EUR, 0.65));
            rates.add(new Rate(CurrencyType.EUR, CurrencyType.USD, 1.37));
            remote.setRates(rates);
            // set vip bonus
            remote.setVIPBonus(20);
            // logout
            logout();
        }

        public void getRates(String user, String password) throws Exception {
            // init
            login(user, password);
            MoneyExchangeRemote remote = getRemote();
            // get rates
            System.out.println("\n" + user + "'s rates:");
            System.out.println(" CHF/EUR = "
                    + remote.getRate(CurrencyType.CHF, CurrencyType.EUR));
            System.out.println(" CHF/USD = "
                    + remote.getRate(CurrencyType.CHF, CurrencyType.USD));
            System.out.println(" USD/CHF = "
                    + remote.getRate(CurrencyType.USD, CurrencyType.CHF));
            // get bonus
            try {
                System.out.println(" bonus is " + remote.getVIPBonus()
                        + " percent");
            } catch (EJBAccessException e) {
                System.out.println(" no bonus (access denied)");
            }
            // logout
            logout();
        }

        public static void main(String[] args) {
            try {
                SimpleMoneyExchangeClient client = new SimpleMoneyExchangeClient();
                client.setRates("admin", "verysecret");
                client.getRates("tom", "secret");
                client.getRates("sam", "anothersecret");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    } // end of class
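
The LoginContext.login()/logout() pairing asked about in reply 3, for the JAAS variant that reply 4 mentions but does not show, as an added example that is not code from this thread. It scopes the client identity to one unit of work and logs out in a finally block so a failed remote call cannot leave the previous user's identity bound. The class name ScopedJaasLogin, the method runAs and the configuration name "client-login" are assumptions, as is the presence of the JBoss client jar that provides org.jboss.security.ClientLoginModule; the sketch does not change any server-side caching.

```java
import java.util.Collections;
import java.util.concurrent.Callable;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public final class ScopedJaasLogin {
    // In-memory JAAS configuration, so no auth.conf file is required.
    // Assumption: the JBoss client jar with ClientLoginModule is on the classpath.
    private static final Configuration CLIENT_CONFIG = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "org.jboss.security.ClientLoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Collections.<String, Object>emptyMap()) };
        }
    };

    /** Runs one unit of work as the given user and always logs out afterwards. */
    public static <T> T runAs(final String user, final char[] password,
            Callable<T> work) throws Exception {
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks)
                    throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        LoginContext lc = new LoginContext("client-login", null, handler, CLIENT_CONFIG);
        lc.login();
        try {
            return work.call(); // e.g. the lookup and remote.getRate(...) calls
        } finally {
            lc.logout(); // clears the client-side identity even if the call throws
        }
    }
}
```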