[#OPENEJB-822] Add the ability to "log out" when using JNDI security

OpenEJB

Add the ability to "log out" when using JNDI security

Created: 18/Jun/08 07:16 AM Updated: 26/May/09 07:01 PM

Return to search

Component/s:

connectors

Affects Version/s:

3.0

Fix Version/s:

3.1

Time Tracking:

Not Specified

Resolution Date:

26/May/09 07:01 PM

Description

« Hide

I tried to use JNDI security with OpenEJB - that is, constructing InitialContext with properties Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS set. It works beautifully, however when another InitialContext is constructed (first one is closed using Context.close()) the following exception occurs:

Caused by: javax.naming.NamingException: Cannot instantiate an IntraVM
InitialContext. Exception: javax.naming.AuthenticationException User
could not be authenticated: karolko [Root exception is
javax.naming.AuthenticationException: User could not be authenticated:
karolko [Root exception is javax.security.auth.login.LoginException:
Thread already associated with a client identity. Refusing to
overwrite.]]
        at org.apache.openejb.client.LocalInitialContextFactory.getIntraVmContext(LocalInitialContextFactory.java:116)
        at org.apache.openejb.client.LocalInitialContextFactory.getInitialContext(LocalInitialContextFactory.java:41)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at com.whitestein.fe.client.ejb.ClientCommunicationImpl.newClient(ClientCommunicationImpl.java:109)
        ... 16 more
Caused by: javax.naming.AuthenticationException: User could not be
authenticated: karolko [Root exception is
javax.security.auth.login.LoginException: Thread already associated with
a client identity. Refusing to overwrite.]
        at org.apache.openejb.core.ivm.naming.InitContextFactory.getInitialContext(InitContextFactory.java:53)
        at org.apache.openejb.client.LocalInitialContextFactory.getIntraVmContext(LocalInitialContextFactory.java:114)
        ... 22 more
Caused by: javax.security.auth.login.LoginException: Thread already
associated with a client identity. Refusing to overwrite.
        at org.apache.openejb.core.security.AbstractSecurityService.associate(AbstractSecurityService.java:174)
        at org.apache.openejb.core.security.AbstractSecurityService.associate(AbstractSecurityService.java:60)
        at org.apache.openejb.core.ivm.naming.InitContextFactory.getInitialContext(InitContextFactory.java:51)
        ... 23 more

Probably the client identity should be removed from ThreadLocal on Context.close(), or J2SE security (doPrivileged) could be used to hold the principal.

Description

I tried to use JNDI security with OpenEJB - that is, constructing InitialContext with properties Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS set. It works beautifully, however when another InitialContext is constructed (first one is closed using Context.close()) the following exception occurs: Caused by: javax.naming.NamingException: Cannot instantiate an IntraVM InitialContext. Exception: javax.naming.AuthenticationException User could not be authenticated: karolko [Root exception is javax.naming.AuthenticationException: User could not be authenticated: karolko [Root exception is javax.security.auth.login.LoginException: Thread already associated with a client identity. Refusing to overwrite.]] at org.apache.openejb.client.LocalInitialContextFactory.getIntraVmContext(LocalInitialContextFactory.java:116) at org.apache.openejb.client.LocalInitialContextFactory.getInitialContext(LocalInitialContextFactory.java:41) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.InitialContext.<init>(InitialContext.java:197) at com.whitestein.fe.client.ejb.ClientCommunicationImpl.newClient(ClientCommunicationImpl.java:109) ... 16 more Caused by: javax.naming.AuthenticationException: User could not be authenticated: karolko [Root exception is javax.security.auth.login.LoginException: Thread already associated with a client identity. Refusing to overwrite.] at org.apache.openejb.core.ivm.naming.InitContextFactory.getInitialContext(InitContextFactory.java:53) at org.apache.openejb.client.LocalInitialContextFactory.getIntraVmContext(LocalInitialContextFactory.java:114) ... 22 more Caused by: javax.security.auth.login.LoginException: Thread already associated with a client identity. Refusing to overwrite. at org.apache.openejb.core.security.AbstractSecurityService.associate(AbstractSecurityService.java:174) at org.apache.openejb.core.security.AbstractSecurityService.associate(AbstractSecurityService.java:60) at org.apache.openejb.core.ivm.naming.InitContextFactory.getInitialContext(InitContextFactory.java:51) ... 23 more Probably the client identity should be removed from ThreadLocal on Context.close(), or J2SE security (doPrivileged) could be used to hold the principal.

Show »

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

David Blevins added a comment - 26/May/09 07:01 PM

Was fixed in 3.1

David Blevins made changes - 26/May/09 07:01 PM

Field	Original Value	New Value
Resolution		Fixed [ 1 ]
Fix Version/s		3.1 [ 12312761 ]
Status	Open [ 1 ]	Closed [ 6 ]