12 Replies Latest reply on Jul 22, 2016 4:54 PM by lesquivel

    Invoke logout() for a custom login module

    danjee

      Hello,

       

      How can I invoke the logout() method from my custom login module remotely from a Swing client?

      It seems that the username and password are cached even after calling

       

      System.exit(0);
      

       

      From a web application embedded in the ear it seems that logout is called as expected upon session invalidation (without flushOnSessionInvalidation=true option)

       

       

      Another question I have:

       

      1) login with browser1 in web application (login method is getting called)

      2) login with browser2 in web application with same credentials (login method is not getting called)

      3) logout from browser2 (logout method is getting called)

      4) call an EJB method from browser1 (login method is getting called)

       

      Is this behavior normal?

        • 1. Re: Invoke logout() for a custom login module
          danjee

          Daniel Jipa wrote:

           

          Hello,

           

          How can I invoke the logout() method from my custom login module remotely from a Swing client?

          It seems that the username and password are cached even after calling

           

          System.exit(0);
          


           

          The problem I have here is that an audit is used in the application. Every time the JAAS login module is called, a new record is inserted in an audit table. Due to the fact that the username and password are cached, the login method will never get called and new records won't be inserted.

          • 2. Re: Invoke logout() for a custom login module
            sekobey

            Hi Daniel,

            Have you got any answer for your question? I have the same situation. I have a remote Swing client; however, I don't know how to log out a user from JBoss.

            • 3. Re: Invoke logout() for a custom login module
              danjee

              Hello

               

              You need to close the InitialContext opened at login.

              • 4. Re: Invoke logout() for a custom login module
                sekobey

                Thank you Daniel, I appreciate it. I will try this on Monday; now I am on holiday for two days.

                • 5. Re: Invoke logout() for a custom login module
                  sekobey

                  Hi Daniel,

                   

                  I tried to close the InitialContext, but it didn't work. JBoss keeps my credentials in its cache. I tried the code below; is it OK? If it is wrong, please correct me.

                   

                  My client code:

                   

                  Properties pr = new Properties();
                  pr.put("endpoint.name", "client-endpoint");
                  pr.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
                  pr.put("remote.connections", "default");
                  pr.put("remote.connection.default.port", "4447");
                  pr.put("remote.connection.default.host", "10.204.10.54");
                  pr.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
                  pr.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
                  pr.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
                  pr.put("remote.connection.default.username", "49351259682");
                  pr.put("remote.connection.default.password", "Test12345");
                  EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(pr);
                  ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
                  EJBClientContext.setSelector(selector);

                  Properties props = new Properties();
                  props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                  props.put("jboss.naming.client.ejb.context", true);

                  try {
                        Context c = new InitialContext(props);
                        kullaniciEJB = (KullaniciEJBRemote) c.lookup("ejb:merveys-kayit-tckkys/merveys-kayit-ejb-tckkysKullaniciEJB!tr.gov.tubitak.bilgem.uekae.deys.tckk.merveys.common.controller.ejb.kullanici.KullaniciEJBRemote");
                        int count = kullaniciEJB.countKartIslemList(1L, null, null);
                        c.close();
                  } catch (NamingException e) {
                        e.printStackTrace();
                  }

                  • 6. Re: Invoke logout() for a custom login module
                    danjee

                    Hello Serkan,

                     

                    For me this context closing worked in the way that if I enter wrong credentials again in the same authenticated JVM, the login module will get called and the wrong password will not be accepted. Unfortunately I could not find a solution to invoke the logout method directly from the client.

                    • 7. Re: Invoke logout() for a custom login module
                      sekobey

                      Unfortunately I could not find a solution to invoke the logout method directly from client.

                      Thank you Daniel for your reply. Actually I want to log out the user, I mean clearing the JBoss cache, when the user wants to close the remote application. So, I can call a remote EJB to clear the JBoss cache. This remote EJB will call the necessary logout code in the container. Is the code below enough for this?

                       

                      try {
                            MBeanServerConnection mbeanServerConnection = ManagementFactory.getPlatformMBeanServer();
                            ObjectName mbeanName = new ObjectName("jboss.as:subsystem=security,security-domain=CaponeJaas");
                            mbeanServerConnection.invoke(mbeanName, "flushCache", null, null);
                      } catch (Exception e) {
                            throw new SecurityException(e);
                      }

                      • 8. Re: Invoke logout() for a custom login module
                        danjee

                        Hello,

                         

                        This code just logs out and then logs in the users with the same credentials. I think this is only good for updating roles for logged users.

                        • 9. Re: Invoke logout() for a custom login module
                          sekobey

                          I think I will raise a bug or a feature request for this discussion; I have not found a solution yet.

                          • 10. Re: Invoke logout() for a custom login module
                            sekobey

                            I raised a feature request for this discussion, thanks Daniel for your help.

                             

                            https://issues.jboss.org/browse/AS7-4680

                            • 11. Re: Invoke logout() for a custom login module
                              hub3rt

                              Would the following be possible?

                               

                              The user clicks on logout. The client application calls close() on the InitialContext which was used to get the proxies. After this, a server method is called by the client application that flushes the JAAS authentication cache, providing the name of the user who just logged out as a parameter (code can be found here: https://community.jboss.org/message/614629). Then when the user logs in again, a new InitialContext gets created. The username and password are provided programmatically via:

                               

                              jndiProperties.put(Context.SECURITY_PRINCIPAL, principal);

                              jndiProperties.put(Context.SECURITY_CREDENTIALS, credential);

                              new InitialContext(jndiProperties);

                               

                              Of course all of this wouldn't be very secure because the client application could be manipulated so that flush would never be called at the server. So a suitable DefaultCacheTimeout is still required. (Unfortunately I don't know how to set this in AS7).
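
The server-side flush step from hub3rt's proposal, as an added example that is not code from any poster in this thread or from the JBoss project: the bean takes the user name from the authenticated caller instead of a client-supplied parameter, so one user cannot evict another user's cache entry. `LogoutRemote` and `LogoutBean` are hypothetical names, the security domain name is the one in sekobey's post, and the one-argument form of `flushCache` is an assumption.

```java
import java.lang.management.ManagementFactory;
import javax.annotation.Resource;
import javax.ejb.EJBException;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.management.JMException;
import javax.management.MBeanServer;
import javax.management.ObjectName;

// Hypothetical remote interface: deliberately takes no username parameter.
// In a real project it would be public, in its own file shared with the client.
@Remote
interface LogoutRemote {
    void logout();
}

// Hypothetical bean; it must be deployed under the secured domain so that the
// container has authenticated the caller before logout() runs.
@Stateless
public class LogoutBean implements LogoutRemote {

    // Security domain MBean name as it appears in the thread.
    private static final String DOMAIN_MBEAN =
            "jboss.as:subsystem=security,security-domain=CaponeJaas";

    @Resource
    private SessionContext ctx;

    @Override
    public void logout() {
        // Use the identity the container authenticated for this call, so a
        // caller can only evict its own cache entry, never another user's.
        String caller = ctx.getCallerPrincipal().getName();
        try {
            MBeanServer server = ManagementFactory.getPlatformMBeanServer();
            // Assumption: flushCache also accepts a single principal name.
            server.invoke(new ObjectName(DOMAIN_MBEAN), "flushCache",
                    new Object[] { caller },
                    new String[] { String.class.getName() });
        } catch (JMException e) {
            throw new EJBException("Could not flush cache entry for " + caller, e);
        }
    }
}
```

As hub3rt notes, a modified client can skip this call, so a cache timeout on the security domain is still needed.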

                              • 12. Re: Invoke logout() for a custom login module
                                lesquivel

                                Hello,

                                 

                                I am using WildFly 10 and have been experiencing this same issue. The issue shows as resolved, but I can't seem to find how it got resolved. Can anyone help? I need to be able to clear the security domain cache once the session expires.

                                 

                                Thank you for your help!