[JBoss-user] [Security & JAAS/JBoss] - SecurityAssociation principal not cleared after client login

[jwynett]

Hi: I'm using JBoss 4.0.3 with EJB3. I have a standalone client that accesses 
the server and uses the ClientLoginModule to login. 

After the client process ends, the SecurityAssociation principal and credential 
remain set in the thread in the server. This allows another client to have 
access on the same thread without providing credentials.

I've tried setting 'restore-login-identity' to true and false and the same for 
'multi-threaded' and this has no effect.

How can I get the SecurityAssociation to clear on the server after the client 
disconnects? Below is my client login code and auth.conf: 

  | 
  |     static LoginContext lc;
  | 
  |     static {
  |         CallbackHandler handler = new MyCallbackHandler("admin", "admin");
  | 
  |         try {
  |             lc = new LoginContext("client-login", handler);
  |             lc.login();
  |         }
  |         catch (LoginException e) {
  |             e.printStackTrace();
  |         }
  |     }
  | 
  |     static class MyCallbackHandler implements CallbackHandler {
  |         private String username;
  |         private String password;
  | 
  |         public MyCallbackHandler(String username, String password) {
  |             this.username = username;
  |             this.password = password;
  |         }
  | 
  |         public void handle(Callback[] callbacks)
  |                 throws IOException, UnsupportedCallbackException {
  |             for (int i = 0; i < callbacks.length; i++) {
  |                 if (callbacks instanceof NameCallback) {
  |                     NameCallback ncb = (NameCallback) callbacks;
  |                     ncb.setName(username);
  |                 }
  |                 else if (callbacks instanceof PasswordCallback) {
  |                     PasswordCallback pcb = (PasswordCallback) callbacks;
  |                     pcb.setPassword(password.toCharArray());
  |                 }
  |                 else {
  |                     throw new UnsupportedCallbackException
  |                             (callbacks, "Unrecognized Callback");
  |                 }
  |             }
  |         }
  |     }
  | 

  | client-login {
  |     org.jboss.security.ClientLoginModule required
  |     restore-login-identity="true"
  |     multi-threaded="true";
  | };
  | 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3908775#3908775

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3908775


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user