4 Replies Latest reply on Apr 7, 2011 4:54 AM by Tommy Shum

    Relogin after 30 minutes

    Raluca Popa Newbie


      I am using JBoss 4.0.5 GA.

      Class [Custom]JaasSecurityManager has a function called isValid which contains this part of code:

      public boolean isValid(Principal principal, Object credential,
       Subject activeSubject) {
       boolean isValid = false;
       if (cacheInfo != null) {
       isValid = validateCache(cacheInfo, credential, activeSubject);
      //Q1 if (cacheInfo != null)
       if (isValid == false)
       isValid = authenticate(principal, credential, activeSubject);

      The first question is: line with comment //Q1 - is something changed meanwhile, e.g cacheInfo that it's needed a new check for cacheInfo?
      In my application I get always relogin at every 30 miuntes.
      I am already authenticated when at every 30 minutes it relogins.
      JBoss is let to do its job to destroy everything it needs when the timeout appears.

      I called a dumpStack to see who's calling the logout every 30 minutes and I got this:

      16:37:08,204 INFO [STDOUT] **************AMJBossLoginModule --- logout
      sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      java.security.AccessController.doPrivileged(Native Method)
      16:37:08,392 INFO [STDOUT] **************AMJBossLoginModule --- login

      So isvalid() calls logout. Then
      isValid = validateCache(cacheInfo, credential, activeSubject);
      does not set isValid to true ['cause otherwise it wouldn't had authenticate(principal, credential, activeSubject) again.].
      It validates the cache, cacheInfo is released and then it autheticates again although I've been already authenticated 30 minutes ago, and I've been making operation with the application meanwhile.

      I was thinking it's just the cache mechanism and there is nothing to be done..

      The 2nd question is: Can there be done something to get rid of the relogin every 30 minutes?

      Please advice, thank you.

        • 1. Re: Relogin after 30 minutes
          Mircea Markus Master

          This is not related to JBossCache

          • 2. Re: Relogin after 30 minutes
            Raluca Popa Newbie


            "mircea.markus" wrote:
            This is not related to JBossCache

            okay, I see, it's not related to JBoss Cache, but it's related on authenticated users cache.

            • 3. Re: Relogin after 30 minutes
              Raluca Popa Newbie

              The solution might be, istead of having a simple "return false;" for JaasSecurityManager.refresh(), it may be replaced with this:

              public boolean refresh() {
               expirationTime = System.currentTimeMillis() + (1000 * lifetime);
              //where lifetime usually = DefaultCacheTimeout value from jboss-service.xml
               return true;

              Hope this helps. It worked in my case.

              • 4. Re: Relogin after 30 minutes
                Tommy Shum Newbie



                I'm having the issue to extend the expiration time. Where is this function (refresh()) located? We can change jboss code?


                I found a source in internet to set DefaultCacheTimeout=-1 but it doesn't seem working. Does jboss really support such setting?



                JBAS-2226, The JaasSecurityManagerService DefaultCacheTimeout attribute as applied to the default JaasSecurityManager timed cache policy entries has a bug which limits the effective maximum timeout to Integer.MAX_VALUE/1000 due to a seconds to milliseconds conversion. Since values in the MAX_VALUE range are typically an attempt to never expire an entry, support for indicating this has been added by interpretting a DefaultCacheTimeout value of -1 to mean no expiration. Previously any negative value was the same as 0, and indicated that no caching would occur. Impact: If your are using a value of -1 to indicate that caching should be disabled, you need to change your configuration value to 0.