dev@glassfish.java.net

Re: SecurityContext does not get cleared on server restart

From: Skanda Prasad <skanda.prasad.ganapathy_at_ericsson.com>
Date: Wed, 21 Oct 2009 06:49:15 -0700 (PDT)

Hi Kumar,

I've written my own Custom Realm and Login module with a custom
authentication procedure.
After the authentication succeeds I call the commitUserAuthentication which
is part of the AppservPasswordLoginModule to commit the userAuthentication.
Glassfish now stores the username and groupname in the Principal & Subject
of the current SecurityContext. Login mechanism works fine on the web
interface with no glitches. The problem occurs when I restart the glassfish
domain/server. Ideally on server restart, the security context should have
got cleared but it doesn't happen and I'm able to
access the web interface without any re-login. The user-session is
invalidated by the web only on logout request, which works fine. I'm having
problems only with the domain/server restart. Could you please help me
out?

Regards
Skanda


kumarjayanti wrote:
>
> Skanda Prasad wrote:
>> Hi All,
>>
>> I'm clearing the SecurityContext on server shutdown using the following
>> code:
>>
>> com.sun.enterprise.security.SecurityContext.setCurrent(null);
>> com.sun.enterprise.security.SecurityContext sc =
>> com.sun.enterprise.security.SecurityContext.getCurrent();
>> sc.getSubject().getPrincipals().clear();
>> sc.getSubject().getPrivateCredentials().clear();
>> sc.getSubject().getPublicCredentials().clear();
>>
>> But after the domain/server restart, I find that all the Principals still
>> exist in the SecurityContext.
>>
>> Could someone please let me know how to clear the SecurityContext?
>>
>>
> Not sure what you mean by: "i find that all the Principals still
> exist" (I mean, can you give us a testcase of what you are trying to
> do). Clearing SecurityContext during shutdown does not seem to make
> sense (unless I am missing your point) since it is not a Persistent
> entity.
>
> Note: SecurityContext.getCurrent() will always return a Non-Null value
> (even if there was a preceding call to
> SecurityContext.setCurrent(null)) and the getSubject() call on it may
> have a default empty subject.
>
> regards,
> kumar
>
>> Regards,
>> Skanda
>>
>
>
