[JBoss-user] [Security & JAAS/JBoss] - Re: logout when having used j_security_check

Fri, 14 May 2004 07:46:36 -0700 

Hi here is the code. 


  | public void logout() throws Exception {
  |             if (getSubject() == null)
  |                     throw new Exception();
  |             Set principals = getSubject().getPrincipals();
  |             if (principals.size() > 0) {
  |                     Iterator i = principals.iterator();
  |                     NestableGroup roles = null;
  |                     NestableGroup callerPrincipal = null;
  |                     MyPrincipal user = null;
  |                     while (i.hasNext()) {
  |                             Object group = i.next();
  |                             if (group instanceof MyPrincipal)
  |                                     user = (MyPrincipal) group;
  |                             if (group instanceof NestableGroup) {
  |                                     NestableGroup nGroup = (NestableGroup) group;
  |                                     if (nGroup.getName() == "Roles")
  |                                             roles = nGroup;
  |                                     if (nGroup.getName() == "Callerprincipal")
  |                                             callerPrincipal = nGroup;
  |                             }
  |                     }
  |                     principals.remove(user);
  |                     principals.remove(roles);
  |                     principals.remove(callerPrincipal);
  |                     flushAuthCache(user);
  |             } 
  |     }
  | 
  | 
  | private void flushAuthCache(MyPrincipal user) throws Exception {
  |             try {
  |                     String domain = getDomain(user);
  |                     if ((user!= null) && (domain != null)) {
  |                             
  |                                                             InitialContext ctx = 
new InitialContext();
  |                             RMIAdaptor jbossServer = (RMIAdaptor) 
ctx.lookup("jmx/invoker/RMIAdaptor");
  |                             ObjectName jaasMgr = new 
ObjectName("jboss.security:service=JaasSecurityManager");
  |                             Object[] params = { domaene, benutzer };
  |                             String[] signature = { "java.lang.String", 
"java.security.Principal" };
  |                             jbossServer.invoke(jaasMgr, 
"flushAuthenticationCache", params, signature);
  |                                                     } 
  |             } catch (Exception e) {
  |                     throw new Exception();
  |             }
  | 
  |     }
  | 

Is this code OK?
Is it dangereous to empty the Subject?

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3834983#3834983

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3834983


-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to