0

In my webapp, running in Wildfly, there are several roles defined. User is given several tabs for each role he has (e.g. admin, support etc). User/admin can also enable/disable roles for himself or for other users in browser. But when the role is added/removed, tab should be added/removed as well. And that only happens if jboss cache is flushed manually from cli or even worse - restarted. Is it possible to remove the role or flush server cache at runtime (when user clicks the button)? Role authentication is done via 'request.isUserInRole()', but what I need is something like setUserInRole("admin")=false.

gmode
  • 3,601
  • 4
  • 31
  • 39
  • I guess flushing cache and removing user role from jboss server are two separate things and can be two different questions, but since both solutions would work, bear with me on this one. – gmode Sep 19 '15 at 21:11

2 Answers2

0

This is how I resolved it.

public void flushAuthenticationCache(String userid) {

    final String domain = "mydomain";
    try {
        ObjectName jaasMgr = new ObjectName("jboss.as:subsystem=security,security-domain=" + domain);
        Object[] params = {userid};
        String[] signature = {"java.lang.String"};
        MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
        server.invoke(jaasMgr, "flushCache", params, signature);

        } catch (Throwable e) {
        e.printStackTrace();
      }
}

Note that the method above flushes cache for specific user only. The method below you flush cache for all users:

public static final void flushJaasCache(String securityDomain){  
      try {  
           javax.management.MBeanServerConnection mbeanServerConnection = java.lang.management.ManagementFactory  
                     .getPlatformMBeanServer();  
           javax.management.ObjectName mbeanName = new javax.management.ObjectName("jboss.as:subsystem=security,security-domain="+securityDomain);  
           mbeanServerConnection.invoke(mbeanName, "flushCache", null, null);  
      } catch (Exception e) {  
           throw new SecurityException(e);  
      }  
}
gmode
  • 3,601
  • 4
  • 31
  • 39
  • is your sever running in standalone or domain mode? because i got the following error in domain mode: 2017-07-03 15:14:39,397 ERROR [ch.bls.lopas.server.resource.ConnectionTestResource] (default task-8) Error while flushing cache: WFLYJMX0019: No operation named 'flush-cache' – faenschi Jul 03 '17 at 14:02
0

For those using JBoss CLI I figured out this command to do the equivalent of the above. In the below command I'm using a domain config, but similar should apply to single server.

/host=MyHost/server=MyServer/subsystem=security/security-domain=other:flush-cache(principal=UserToFlush)

Piwaf
  • 808
  • 8
  • 9