4 Replies Latest reply: Jan 23, 2009 3:50 AM by Tom Iten

getCallerPrincipal().getName() cached? with JBoss 5.0.0.GA

Tom Iten Newbie

Hi everybody

I'm logging the name of the Principal and always getting the same name
from the first invocation of the bean. The calls are made from a standalone
client under different user names.

    ...
    SessionContext ctx;

    public double getRate(CurrencyType from, CurrencyType to) {

        // get principal name
        System.out.println("getRate for user "
                + ctx.getCallerPrincipal().getName());

        ...
    }

Any help is appreciated.
Best Regards
Tom

  • 1. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
    Ragav Gomatam Novice

    YES, JBoss caches the Principal in your HttpSession until your session times out. Check the login-config.xml. You can turn it off if you desire.

  • 2. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
    Tom Iten Newbie

    Hi

    I'm using a stateless session bean. Between separate client invocations I'm getting the same Principal name. The roles change to the new user, but
    the name is still the old one.

    Is there also a timeout for stateless session beans? This would confuse me a bit since they go back to the pool.

    Best Regards
    Tom

  • 3. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
    Ragav Gomatam Novice

    I suppose you are doing LoginContext.login() from your client. After login, you must be invoking methods on a secured EJB. Did you check if you are calling LoginContext.logout() after completing the call?

    Also try setting "DefaultCacheTimeout" in the jboss-service.xml to 0. Try it and see if it helps. Besides, I am quite sure that EJB container vendors do not guarantee to return different instances of stateless EJBs between different invocations. So don't expect different stateless instances to be returned for different client invocations. You could be getting the same underlying instance. So don't program expecting different instances to be returned.

    Yes, you can tinker around with the EJB pool. Be cautious whilst you do that.

  • 4. Re: getCallerPrincipal().getName() cached? with JBoss 5.0.0.
    Tom Iten Newbie

    Hi ragavgomatam

    Thanks for your support. To your questions:

    Yes, I do log in and log out. I have two different versions: one with the setSimple login method and one with JAAS. It doesn't work with either.
    I also tried the sample with the proposed cache value set to 0, but I still have the same problem.

    The roles of the different users are as expected, but the name is still the same. For stateless session beans there shouldn't be any caching of the principal, since after a business call invocation they can be assigned to another client. What do you think?

    Best Regards
    Tom


    EJB Code:

    import java.util.List;

    import javax.annotation.Resource;
    import javax.annotation.security.DeclareRoles;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;
    import javax.persistence.EntityManager;
    import javax.persistence.NoResultException;
    import javax.persistence.PersistenceContext;
    import javax.persistence.Query;

    import org.jboss.ejb3.annotation.RemoteBinding;
    import org.jboss.ejb3.annotation.SecurityDomain;

    // Rate, Bonus, CurrencyType and MoneyExchangeRemote are application
    // classes that are not shown in this post.
    @Stateless
    @RemoteBinding(jndiBinding = "ejb/MoneyExchange")
    @SecurityDomain("MoneyExchangeDomain")
    @RolesAllowed("Customer")
    @DeclareRoles("VIP")
    public class MoneyExchangeBean implements MoneyExchangeRemote {

        @PersistenceContext(unitName = "MoneyExchangePu")
        private EntityManager em;

        @Resource
        SessionContext ctx;

        public double getRate(CurrencyType from, CurrencyType to) {

            // get principal name
            System.out.println("getRate for user "
                    + ctx.getCallerPrincipal().getName());

            // get rate
            double rate = searchRate(from, to);

            // calculate bonus rate for VIPs
            if (ctx.isCallerInRole("VIP")) {
                int percent = getVIPBonus();
                rate = rate * (1 + (percent / 100.0));
            }

            return rate;
        }

        @RolesAllowed("Administrator")
        public void setRates(List<Rate> rates) {

            em.createQuery("delete from Rate").executeUpdate();

            for (Rate rate : rates) {
                em.persist(rate);
            }
        }

        @RolesAllowed("VIP")
        public int getVIPBonus() {

            Bonus bonus = em.find(Bonus.class, "VIP");
            int result = 5; // default vip bonus in percent

            if (bonus != null) {
                result = bonus.getPercent();
            }

            return result;
        }

        @RolesAllowed("Administrator")
        public void setVIPBonus(int percent) {
            Bonus bonus = new Bonus("VIP", percent);

            if (em.find(Bonus.class, bonus.getRole()) == null) {
                em.persist(bonus);
            } else {
                em.merge(bonus);
            }
        }

        private double searchRate(CurrencyType from, CurrencyType to) {

            Rate rate;
            double result;
            Query query = em
                    .createQuery("select r from Rate r where r.from=:from and r.to=:to");

            try {

                // search from/to
                query.setParameter("from", from);
                query.setParameter("to", to);
                rate = (Rate) query.getSingleResult();

                result = rate.getRate();

            } catch (NoResultException e) {

                // search to/from and swap rate
                query.setParameter("from", to);
                query.setParameter("to", from);
                rate = (Rate) query.getSingleResult();

                result = 1 / rate.getRate();
            }

            return result;
        }

    } // end of class
    



    Client with simple Login:

    import java.util.ArrayList;
    import java.util.Hashtable;
    import java.util.List;

    import javax.ejb.EJBAccessException;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;

    import org.jboss.security.client.SecurityClient;
    import org.jboss.security.client.SecurityClientFactory;

    public class SimpleMoneyExchangeClient {

        SecurityClient securityClient;

        private void login(String user, String password) throws Exception {
            securityClient = SecurityClientFactory.getSecurityClient();
            securityClient.setSimple(user, password.toCharArray());
            securityClient.login();
        }

        private void logout() {
            securityClient.logout();
        }

        private Context getInitialContext() throws NamingException {

            Hashtable<String, String> env = new Hashtable<String, String>();

            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "org.jnp.interfaces.NamingContextFactory");
            env.put(Context.URL_PKG_PREFIXES,
                    "org.jboss.naming;org.jnp.interfaces");
            env.put(Context.PROVIDER_URL, "jnp://localhost:1099");

            InitialContext initialContext = new InitialContext(env);

            return initialContext;
        }

        private MoneyExchangeRemote getRemote() throws Exception {

            // get initial context
            Context ctx = getInitialContext();

            // get object reference
            return (MoneyExchangeRemote) ctx.lookup("ejb/MoneyExchange");
        }

        public void setRates(String user, String password) throws Exception {

            // init
            login(user, password);

            MoneyExchangeRemote remote = getRemote();

            // set rates
            List<Rate> rates = new ArrayList<Rate>();
            rates.add(new Rate(CurrencyType.CHF, CurrencyType.USD, 0.83));
            rates.add(new Rate(CurrencyType.CHF, CurrencyType.EUR, 0.65));
            rates.add(new Rate(CurrencyType.EUR, CurrencyType.USD, 1.37));

            remote.setRates(rates);

            // set vip bonus
            remote.setVIPBonus(20);

            // logout
            logout();
        }

        public void getRates(String user, String password) throws Exception {

            // init
            login(user, password);
            MoneyExchangeRemote remote = getRemote();

            // get rates
            System.out.println("\n" + user + "'s rates:");

            System.out.println(" CHF/EUR = "
                    + remote.getRate(CurrencyType.CHF, CurrencyType.EUR));

            System.out.println(" CHF/USD = "
                    + remote.getRate(CurrencyType.CHF, CurrencyType.USD));

            System.out.println(" USD/CHF = "
                    + remote.getRate(CurrencyType.USD, CurrencyType.CHF));

            // get bonus
            try {
                System.out.println(" bonus is " + remote.getVIPBonus()
                        + " percent");

            } catch (EJBAccessException e) {

                System.out.println(" no bonus (access denied)");
            }

            // logout
            logout();
        }

        public static void main(String[] args) {

            try {
                SimpleMoneyExchangeClient client = new SimpleMoneyExchangeClient();

                client.setRates("admin", "verysecret");
                client.getRates("tom", "secret");
                client.getRates("sam", "anothersecret");

            } catch (Exception e) {
                e.printStackTrace();
            }
        }

    } // end of class