JBOSS session sharing issue

Rajesh Unnithan
Greenhorn

Joined: Feb 20, 2009
Posts: 22
Hi,

I have 2 EARs deployed in JBOSS AS5.0. The first EAR performs the login through DatabaseServerLoginModule.
After a successful login, the application displays a page with links to other applications where the logged-in user has roles.

Till this time everything works fine.

Now when the user clicks on any link in this page to launch the specific application (This app is in another ear)


From the logs, what I am getting is Failed authenticate() test

2009-02-20 15:49:41,113 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Calling authenticate()
2009-02-20 15:49:41,113 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-127.0.0.1-8080-1) Save request in session '84809F9A31FA276F5CC0E05BE653DAC2'
2009-02-20 15:49:41,113 TRACE [org.apache.catalina.core.StandardWrapper] (http-127.0.0.1-8080-1) Returning non-STM instance
2009-02-20 15:49:41,113 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,113 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,113 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,129 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-127.0.0.1-8080-1) jsp, runAs: null
2009-02-20 15:49:41,129 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/admin].[jsp]] (http-127.0.0.1-8080-1) Disabling the response for futher output
2009-02-20 15:49:41,129 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Failed authenticate() test
2009-02-20 15:49:41,129 TRACE [org.jboss.security.SecurityRolesAssociation] (http-127.0.0.1-8080-1) Setting threadlocal:null


One thing I noticed is that JBOSS is again trying to do an authentication against the logged-in user when he clicks on the link. I don't know why it has to do it again.
I was expecting that the role already authorized would follow to the subsequent requests.
Another thing I noticed is that when the user logs in to the application, one session ID is created. After logging in, when he clicks on the link to launch the other application, it creates another session ID.


I suspect this could be the reason why the second app is again going for an authentication against the role.

Please advise what needs to be done in this scenario.


Appreciate your help
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9280
    

Hi harrikrishnan, welcome to javaranch.

Well, I'm not a pro at this, but I don't think you can share a session between applications. I don't know about enterprise applications, but I think this is not possible for normal web applications, i.e. war files. A session is only valid for one context path, that's what I know...


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Rajesh Unnithan
Greenhorn

Joined: Feb 20, 2009
Posts: 22
Hi Ankit,

Thanks for your reply.

The same scenario is working fine with a JRUN4 App Server. I am trying to migrate these applications from JRUN to JBOSS.

Regards
Harikrishnan
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 9329
    

Ankit is right. Sessions are per application. What you are looking for is probably Single Sign On (SSO). These might help you get started:

http://www.jboss.org/community/docs/DOC-12280

http://www.jboss.org/jbosssso/


[My Blog] [JavaRanch Journal]
Rajesh Unnithan
Greenhorn

Joined: Feb 20, 2009
Posts: 22
Hi Jaikiran,

Thanks for your response.

I will try with the SSO and update you on the status.

Appreciate your help.


Regards
Harikrishnan
Rajesh Unnithan
Greenhorn

Joined: Feb 20, 2009
Posts: 22
Hi Jaikiran,

I tried to configure the SSO implementation by editing the server.xml file.
I gave the requireReauthentication = "true".
Now I am able to make some more progress. The user is authenticated successfully but I am getting a null pointer exception.

Do you have any idea why it’s happening like this?

Please find the log below.

2009-02-23 09:04:38,880 DEBUG [org.apache.catalina.realm.RealmBase] (http-127.0.0.1-8080-1) Checking constraint 'SecurityConstraint[UserAdminResources]' against GET /adminaction --> true
2009-02-23 09:04:38,880 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Calling hasUserDataPermission()
2009-02-23 09:04:38,880 DEBUG [org.apache.catalina.realm.RealmBase] (http-127.0.0.1-8080-1) User data constraint has no restrictions
2009-02-23 09:04:38,880 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-127.0.0.1-8080-1) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
2009-02-23 09:04:38,880 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Calling authenticate()
2009-02-23 09:04:38,880 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-127.0.0.1-8080-1) SSO Id 4BDB9025E977B66742B91E04A926D986 set; attempting reauthentication
2009-02-23 09:04:38,880 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-127.0.0.1-8080-1) Begin authenticate, username=hnair
2009-02-23 09:04:38,895 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.sample] (http-127.0.0.1-8080-1) Begin isValid, principal:hnair, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@12344b[Subject(14446424).principals=org.jboss.security.SimplePrincipal@3338789(hnair)org.jboss.security.SimpleGroup@23309041(Roles(members:ARMRole,UserAdminRole,SCIPRole)),credential.class=java.lang.String@12329707,expirationTime=1235403219445]
2009-02-23 09:04:38,895 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.sample] (http-127.0.0.1-8080-1) Begin validateCache, info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@12344b[Subject(14446424).principals=org.jboss.security.SimplePrincipal@3338789(hnair)org.jboss.security.SimpleGroup@23309041(Roles(members:ARMRole,UserAdminRole,SCIPRole)),credential.class=java.lang.String@12329707,expirationTime=1235403219445];credential.class=java.lang.String@12329707
2009-02-23 09:04:38,895 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.sample] (http-127.0.0.1-8080-1) End validateCache, isValid=true
2009-02-23 09:04:38,895 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.sample] (http-127.0.0.1-8080-1) End isValid, true
2009-02-23 09:04:38,895 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-127.0.0.1-8080-1) User: hnair is authenticated
2009-02-23 09:04:38,895 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.sample] (http-127.0.0.1-8080-1) getPrincipal, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@12344b[Subject(14446424).principals=org.jboss.security.SimplePrincipal@3338789(hnair)org.jboss.security.SimpleGroup@23309041(Roles(members:ARMRole,UserAdminRole,SCIPRole)),credential.class=java.lang.String@12329707,expirationTime=1235403219445]
2009-02-23 09:04:38,895 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-127.0.0.1-8080-1) Mapped from input principal: hnairto: hnair
2009-02-23 09:04:38,895 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-127.0.0.1-8080-1) End authenticate, principal=GenericPrincipal[hnair(ARMRole,SCIPRole,UserAdminRole,)]
2009-02-23 09:04:38,895 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Reauthenticated cached principal 'hnair' with auth type 'FORM'
2009-02-23 09:04:38,895 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-127.0.0.1-8080-1) Calling accessControl()
2009-02-23 09:04:38,895 TRACE [org.jboss.security.SecurityRolesAssociation] (http-127.0.0.1-8080-1) Setting threadlocal:null
2009-02-23 09:04:38,895 TRACE [org.jboss.security.SecurityRolesAssociation] (http-127.0.0.1-8080-1) Setting threadlocal:null
2009-02-23 09:04:38,895 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http-127.0.0.1-8080-1) An exception or error occurred in the container during the request processing
java.lang.NullPointerException
at org.apache.catalina.realm.RealmBase.hasResourcePermission(RealmBase.java:739)

at org.jboss.web.tomcat.security.JBossWebRealm.hasResourcePermission(JBossWebRealm.java:475)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:507)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)


Server.xml Configuration is given below.

<Valve className="org.apache.catalina.authenticator.SingleSignOn" requireReauthentication="true" />
Rajesh Unnithan
Greenhorn

Joined: Feb 20, 2009
Posts: 22
Hi,

I could figure out the issue with the null pointer.
It was because I missed the <form-error-page> attribute in web.xml.

It looks like JBoss expects both attributes. Previously I kept only one - the <form-login-page>

<form-login-config>
    <form-login-page>redirect.jsp</form-login-page>
    <form-error-page>error.jsp</form-error-page>
</form-login-config>

Once again thanks a lot for your support

Appreciate your help.
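
The fix described in the last post, written as a check that can be run over each application's web.xml before deployment. This is an added example, not code from the thread or from JBoss; the sample descriptors and the page paths /login.jsp and /error.jsp are constructed, and the leading-slash rule is taken from the servlet deployment descriptor schema rather than from this thread.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the XML namespace so DTD-style and schema-style descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """Return the first direct child with the given local name, or None."""
    for c in elem:
        if local(c.tag) == name:
            return c
    return None

def check_form_login(web_xml_text):
    """Return a list of findings for the <login-config> of one web.xml string."""
    root = ET.fromstring(web_xml_text)
    login = child(root, "login-config")
    if login is None:
        return []
    method = child(login, "auth-method")
    if method is None or (method.text or "").strip().upper() != "FORM":
        return []  # BASIC, DIGEST and CLIENT-CERT do not use form pages
    form = child(login, "form-login-config")
    if form is None:
        return ["FORM auth-method without <form-login-config>"]
    findings = []
    for name in ("form-login-page", "form-error-page"):
        page = child(form, name)
        value = (page.text or "").strip() if page is not None else ""
        if not value:
            findings.append("missing <%s>" % name)
        elif not value.startswith("/"):
            findings.append("<%s> should start with '/': %s" % (name, value))
    return findings

# Constructed sample: only the login page is declared, as in the failing setup.
BEFORE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
    </form-login-config>
  </login-config>
</web-app>"""

# Constructed sample: the same descriptor with the error page added.
AFTER = BEFORE.replace(
    "</form-login-page>",
    "</form-login-page>\n      <form-error-page>/error.jsp</form-error-page>")

if __name__ == "__main__":
    print(check_form_login(BEFORE))
    print(check_form_login(AFTER))
```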


 