Anyone know how to set how long EJB3 user credentials are cached?
Think this is somehow the issue but I dont know how to configure this.
I set org.jboss.remoting priority to DEBUG on server side
and as long as my next method invocation on the EJB3 is within 60 seconds, I get the following
which looks like the user credentials are being tested against some cache of ejb method invocation credentials.
Great, just how do I keep those cache entries alive longer than 60 seconds??
Please ANY help greatly appreciated.
12:51:12,893 TRACE [SecurityRolesAssociation] Setting threadlocal:null
12:51:12,900 TRACE [Hochheim] Begin isValid, principal:185436, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@41671bc1[Subject(1072935637).principals=org.jboss.security.SimplePrincipal@1571561967(185436)org.jboss.security.SimpleGroup@424398532(Roles(members:participant,principal,185436,agent)),credential.class=java.lang.String@1121675292,expirationTime=1263237041793]
12:51:12,900 TRACE [Hochheim] Begin validateCache, info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@41671bc1[Subject(1072935637).principals=org.jboss.security.SimplePrincipal@1571561967(185436)org.jboss.security.SimpleGroup@424398532(Roles(members:participant,principal,185436,agent)),credential.class=java.lang.String@1121675292,expirationTime=1263237041793];credential.class=java.lang.String@1121675292
12:51:12,900 TRACE [Hochheim] End validateCache, isValid=true
12:51:12,901 TRACE [Hochheim] End isValid, true
12:51:12,901 TRACE [LogAuditProvider] [Success]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=185436;method=queryAS400PolicyApps;
12:51:12,931 TRACE [JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
12:51:12,932 TRACE [EJBPolicyModuleDelegate] method=public java.util.List com.hochheim.amproxy.ejb.AgencyManagerProxyBean.queryAS400PolicyApps(com.hochheim.data.PolicyQuery), interface=Remote, requiredRoles=Roles(member,participant,)
12:51:12,932 TRACE [LogAuditProvider] [Success]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@114b46e6}:method=public java.util.List com.hochheim.amproxy.ejb.AgencyManagerProxyBean.queryAS400PolicyApps(com.hochheim.data.PolicyQuery):ejbMethodInterface=Remote:ejbName=AgencyManagerProxyBean:ejbPrincipal=185436:MethodRoles=Roles(member,participant,):securityRoleReferences=null:callerSubject=Subject:
Principal: 185436
Principal: Roles(members:participant,principal,185436,agent)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@114b46e6;
12:51:13,067 INFO [AgencyManagerProxyBean] SELECT B.NISRCH as searchname, CONCAT(CONCAT(CONCAT(CONCAT(CONCAT(CONCAT(TRIM(B.NIBLNR),' '),TRIM(B.NISTNM)),' '),TRIM(B.NIAPT#)),' '),TRIM(B.NIADR2)) as streetaddress, CONCAT(CONCAT(CONCAT(CONCAT(CONCAT(CONCAT(TRIM(C.NIBLNR),' '),TRIM(C.NISTNM)),' '),TRIM(C.NIAPT#)),' '),TRIM(C.NIADR2)) as locaddress, B.NICITY as city, B.NISTAT as state, B.NIZIPC as zip, DIGITS(B.NIPHA1) || DIGITS(B.NIPHP1) || DIGITS(B.NIPHN1) || DIGITS(B.NIPHX1) as phone, B.NICLID as membernumber, A.POLTYP as policytype, DIGITS(A.PMPLNR) as policynumber, A.PMPRFX as policyprefix, A.COMP# as company, A.GROUP as policygroup, A.PMSTAT as status, A.PMTEFFDTE as effdate, A.PMTEXPDTE as expdate, A.PMACCNDTE as candate, A.PMOEFFDTE as originaleffdate, A.PMNSRC as policyStateString, A.AGSUB# as agentNumber FROM CIPOMF A LEFT JOIN CINMAD B ON A.PMCLID = B.NICLID LEFT JOIN CINMAD C ON A.PMCLID = C.NICLID AND A.COMP# = C.NICONR AND A.PMPRFX = C.NIPRFX AND A.PMPLNR = C.NIPLNR WHERE A.AGGEN# = 'AGT' AND A.AGSUB# = '185436' AND B.NIRCTP IN('INS','IN2') AND B.NIDLMM = 0 AND C.NIRCTP = 'LOC' AND C.NIDLMM = 0 AND C.NIPLLC = (select max(d.nipllc) from cinmad d where a.pmclid = d.niclid and a.comp# = d.niconr and a.pmprfx = d.niprfx and a.pmplnr = d.niplnr and c.nirctp=d.nirctp and d.nidlmm=0) and ( (A.PMSTAT = 'A' and DATE(A.PMTEXPDTE) >= DATE(CURRENT_TIMESTAMP)) or (A.PMSTAT = 'C' and DATE(A.PMACCNDTE) >= DATE(CURRENT_TIMESTAMP)) )
12:51:19,248 TRACE [SecurityRolesAssociation] Setting threadlocal:null
12:51:19,248 TRACE [SecurityRolesAssociation] Setting threadlocal:null
AFTER 60 seconds it does not seem to even attempt to access the cache.
{quote}
12:55:13,693 TRACE [SecurityRolesAssociation] Setting threadlocal:null
12:55:13,737 TRACE [Hochheim] Begin isValid, principal:null, cache info: null
12:55:13,737 TRACE [Hochheim] defaultLogin, principal=null
12:55:13,737 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(Hochheim), size=12
12:55:13,737 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(Hochheim), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: com.hochheim.user.jboss.HochheimLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=dsJndiName, value=java:/HochheimDS
[1]
LoginModule Class: org.jboss.security.ClientLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
12:55:13,737 INFO [HochheimLoginModule] Using java:/HochheimDS as our data source
12:55:13,739 INFO [HochheimLoginModule] Getting password for null
12:55:13,739 INFO [HochheimLoginModule] getUsersPassword query: SELECT * FROM hpfm_user WHERE username = ?
12:55:13,780 TRACE [ClientLoginModule] Security domain: Hochheim
12:55:13,782 TRACE [ClientLoginModule] Enabling restore-login-identity mode
12:55:13,782 TRACE [ClientLoginModule] Begin login
12:55:13,782 TRACE [ClientLoginModule] Obtained login: null, credential.class: null
12:55:13,782 TRACE [ClientLoginModule] End login
12:55:13,788 TRACE [ClientLoginModule] abort
12:55:13,788 TRACE [Hochheim] Login failure
javax.security.auth.login.FailedLoginException: Username does not exists
at com.hochheim.user.jboss.HochheimLoginModule.getUsersPassword(HochheimLoginModule.java:58)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:87)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:164)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:421)
at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at org.jboss.remoting.transport.servlet.ServletServerInvoker.processRequest(ServletServerInvoker.java:388)
at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.processRequest(ServerInvokerServlet.java:404)
at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.processRequest(ServerInvokerServlet.java:142)
at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.doPost(ServerInvokerServlet.java:171)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:637)
12:55:14,042 TRACE [Hochheim] End isValid, false
12:55:14,043 TRACE [LogAuditProvider] [Error]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=null;method=queryAS400PolicyApps;
12:55:14,043 TRACE [LogAuditProvider] [Failure]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=null;method=queryAS400PolicyApps;
12:55:14,043 DEBUG [ServletServerInvoker] Error thrown calling invoke on server invoker.
javax.ejb.EJBAccessException: Invalid User
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:165)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:421)
at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at org.jboss.remoting.transport.servlet.ServletServerInvoker.processRequest(ServletServerInvoker.java:388)
at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.processRequest(ServerInvokerServlet.java:404)
at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.processRequest(ServerInvokerServlet.java:142)
at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.doPost(ServerInvokerServlet.java:171)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:637)
12:55:14,169 TRACE [SecurityRolesAssociation] Setting threadlocal:null
12:55:14,216 TRACE [SecurityRolesAssociation] Setting threadlocal:null
{quote}