Uploaded image for project: 'OpenEJB'
  1. OpenEJB
  2. OPENEJB-822

Add the ability to "log out" when using JNDI security

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.0
    • 3.1
    • connectors
    • None

    Description

      I tried to use JNDI security with OpenEJB - that is, constructing InitialContext with properties Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS set. It works beautifully, however when another InitialContext is constructed (first one is closed using Context.close()) the following exception occurs:

      Caused by: javax.naming.NamingException: Cannot instantiate an IntraVM
      InitialContext. Exception: javax.naming.AuthenticationException User
      could not be authenticated: karolko [Root exception is
      javax.naming.AuthenticationException: User could not be authenticated:
      karolko [Root exception is javax.security.auth.login.LoginException:
      Thread already associated with a client identity. Refusing to
      overwrite.]]
      at org.apache.openejb.client.LocalInitialContextFactory.getIntraVmContext(LocalInitialContextFactory.java:116)
      at org.apache.openejb.client.LocalInitialContextFactory.getInitialContext(LocalInitialContextFactory.java:41)
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
      at javax.naming.InitialContext.init(InitialContext.java:223)
      at javax.naming.InitialContext.<init>(InitialContext.java:197)
      at com.whitestein.fe.client.ejb.ClientCommunicationImpl.newClient(ClientCommunicationImpl.java:109)
      ... 16 more
      Caused by: javax.naming.AuthenticationException: User could not be
      authenticated: karolko [Root exception is
      javax.security.auth.login.LoginException: Thread already associated with
      a client identity. Refusing to overwrite.]
      at org.apache.openejb.core.ivm.naming.InitContextFactory.getInitialContext(InitContextFactory.java:53)
      at org.apache.openejb.client.LocalInitialContextFactory.getIntraVmContext(LocalInitialContextFactory.java:114)
      ... 22 more
      Caused by: javax.security.auth.login.LoginException: Thread already
      associated with a client identity. Refusing to overwrite.
      at org.apache.openejb.core.security.AbstractSecurityService.associate(AbstractSecurityService.java:174)
      at org.apache.openejb.core.security.AbstractSecurityService.associate(AbstractSecurityService.java:60)
      at org.apache.openejb.core.ivm.naming.InitContextFactory.getInitialContext(InitContextFactory.java:51)
      ... 23 more

      Probably the client identity should be removed from ThreadLocal on Context.close(), or J2SE security (doPrivileged) could be used to hold the principal.

      Attachments

        Activity

          People

            Unassigned Unassigned
            m.vysny Martin Vysny
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: