11 Replies Latest reply: Jun 26, 2012 5:38 PM by Hubert Cumberdale RSS

Invoke logout() for a custom login module

Daniel Jipa Newbie

Hello,

 

How can I invoke the logout() method from my custom login module remotely from a swing client ?

It seems that the username and password are cached even after calling

 

System.exit(0);

 

From a web application embedded in the ear it seems that logout is called as expected upon session invalidation (without flushOnSessionInvalidation=true option)

 

 

Another question I have:

 

1) login with browser1 in web application (login method is getting called)

2) login with browser2 in web application with same credentials (login method is not getting called)

3) logout from browser2 (logout method is getting called)

4) call a ejb method from browser1(login method is getting called)

 

Is this behavior normal ?

  • 1. Re: Invoke logout() for a custom login module
    Daniel Jipa Newbie

    Daniel Jipa wrote:

     

    Hello,

     

    How can I invoke the logout() method from my custom login module remotely from a swing client ?

    It seems that the username and password are cached even after calling

     

    System.exit(0);
    


     

    The problem I have here is an audit it is used in application. Every time the JAAS login module is called a new record is inserted in an audit table. Due to the fact that the username and password are cached login method will never get called and new records won't be inserted.

  • 2. Re: Invoke logout() for a custom login module
    Serkan Yıldırım Newbie

    Hi Daniel,

    Have you got any answer for your question??? I have a same situation. I have a remote swing client, however i don't know how to logout a user from jboss.

  • 3. Re: Invoke logout() for a custom login module
    Daniel Jipa Newbie

    Hello

     

    You need to close the InitialContext opened at login.

  • 4. Re: Invoke logout() for a custom login module
    Serkan Yıldırım Newbie

    Thank you Daniel, i appreciate. i will try this on monday, now i am on holiday for two days.

  • 5. Re: Invoke logout() for a custom login module
    Serkan Yıldırım Newbie

    Hi Daniel,

     

    I tried to close InitialContext, but it didn't work. JBOSS keeps my credentials in its cache. I tried the code below is it ok? If wrong, please correct me.

     

    My client code:

     

    Properties pr = new Properties();

    pr.put("endpoint.name", "client-endpoint");

    pr.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

    pr.put("remote.connections", "default");

    pr.put("remote.connection.default.port", "4447");

    pr.put("remote.connection.default.host", "10.204.10.54");

    pr.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");

    pr.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");

    pr.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

    pr.put("remote.connection.default.username", "49351259682");

    pr.put("remote.connection.default.password", "Test12345");

    EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(pr);

    ContextSelector < EJBClientContext > selector = new ConfigBasedEJBClientContextSelector(cc);

    EJBClientContext.setSelector(selector);

     

     

    Properties props = new Properties();

    props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

    props.put("jboss.naming.client.ejb.context", true);

     

     

    try {

          Context c = new InitialContext(props);

          kullaniciEJB = (KullaniciEJBRemote) c.lookup("ejb:merveys-kayit-tckkys/merveys-kayit-ejb-tckkysKullaniciEJB!tr.gov.tubitak.bilgem.uekae.deys.tckk.merveys.common.controller.ejb.kullanici.KullaniciEJBRemote");

          int count = kullaniciEJB.countKartIslemList(1L, null, null);

         c.close();

    } catch (NamingException e) {

          e.printStackTrace();

    }

  • 6. Re: Invoke logout() for a custom login module
    Daniel Jipa Newbie

    Hello Serkan,

     

    For me this context closing worked in the way that if I enter wrong credentials again in the same authenticated jvm the login module will get called and wrong password will not be accepted. Unfortunatelly I could not find a solution to invoke the logout method directly from client.

  • 7. Re: Invoke logout() for a custom login module
    Serkan Yıldırım Newbie

    Unfortunatelly I could not find a solution to invoke the logout method directly from client.

    Thank you Daniel for your reply. Actually i want to logout the user, i mean clearing jboss cache, when the user wants to close remote application. So, i can call a remote ejb to clear jboss cache. This remote ejb will call necessary logout code in container. Is the code below enough for this???

     

    try {

                                  MBeanServerConnection mbeanServerConnection = ManagementFactory.getPlatformMBeanServer();

                                  ObjectName mbeanName = new ObjectName("jboss.as:subsystem=security,security-domain=CaponeJaas");

                                  mbeanServerConnection.invoke(mbeanName, "flushCache", null, null);

                        } catch (Exception e) {

                                  throw new SecurityException(e);

                        }

  • 8. Re: Invoke logout() for a custom login module
    Daniel Jipa Newbie

    Hello,

     

    This code just logs out and then logs in the users with the same credentials. I think this is only good for updating roles for logged users.

  • 9. Re: Invoke logout() for a custom login module
    Serkan Yıldırım Newbie

    I think i will raise a bug or a feature request for this discussion, i have not found a solution yet

  • 10. Re: Invoke logout() for a custom login module
    Serkan Yıldırım Newbie

    I raised a feature request for this discussion, thanks Daniel for your help.

     

    https://issues.jboss.org/browse/AS7-4680

  • 11. Re: Invoke logout() for a custom login module
    Hubert Cumberdale Newbie

    Would the following be possible?

     

    The user clicks on logout. The client application calls close() on the InitialContext which was used to get the proxies. After this a server method is called by the client application that flushes the jaas authentication cache providing the name of the user who just logged out as parameter (code can befound here: https://community.jboss.org/message/614629). Then when the user logs in again a new InitialContext gets created. The username and password are provided programmatically via:

     

    jndiProperties.put(Context.SECURITY_PRINCIPAL, principal);

    jndiProperties.put(Context.SECURITY_CREDENTIALS, credential);

    new InitialContext(jndiProperties);

     

    Of course all of this wouldn't be very secure because the client application could be manipulated so that flush would never be called at the server. So a suitable DefaultCacheTimeout is still required. (Unfortunately I don't know how to set this in AS7).