I have a similar problem. I am developing an Adobe Flex application that sends 
commands to a secure (via JAAS basic authentication) JBoss Java servlet. My 
version of JBoss is 4.2.2.GA. When a logout command is sent by the client 
application, I attempt to invalidate the session by calling the getSession() 
method on the HttpServletRequest object and then calling the invalidate() 
method on the returned session. However, this does not call the logout method 
of my custom login module (which extends the AbstractServerLoginModule), remove 
the principal from the JBoss JaasSecurityManager cache, nor apparently cause 
the authentication cache of Internet Explorer to clear. I'm not certain it even 
works at all. My jboss-web.xml in the application .ear contains the following:


  | <?xml version="1.0" encoding="UTF-8"?>
  | <jboss-web>
  |     <security-domain flushOnSessionInvalidation="true">java:/jaas/MyRealm</security-domain>
  | </jboss-web>
  | 

which, as I understand it, should cause the logout to occur on session 
invalidation.

I did add the following code to clear the JaasSecurityManager cache 
programmatically (which calls my logout method), but that still leaves the cache 
on Internet Explorer intact (and I suspect that the session has not truly been 
invalidated)...


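  | import java.security.Principal;
  | import javax.management.MBeanServer;
  | import javax.management.MBeanServerFactory;
  | import javax.management.ObjectName;
  | 
  | // Flush the cached principal for this user from the JaasSecurityManager
  | String domain = "MyRealm";
  | Principal user = req.getUserPrincipal(); // req is HttpServletRequest
  | ObjectName jaasMgr = new ObjectName( "jboss.security:service=JaasSecurityManager" );
  | Object[] params = { domain, user };
  | String[] signature = { "java.lang.String", Principal.class.getName() };
  | MBeanServer server = ( MBeanServer ) MBeanServerFactory.findMBeanServer( null ).get( 0 );
  | server.invoke( jaasMgr, "flushAuthenticationCache", params, signature );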
  | 

Any thoughts or suggestions? I could really use some expert advice...

Kerry

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4124913#4124913
