JAAS module with LTPA that bypasses the user registry - Websphere

This is a discussion on JAAS module with LTPA that bypasses the user registry - Websphere ; I've a JAAS login module that attempts to bypass the user registry. I could use the TAI but I've built this to work with several app servers so I have to use JAAS. I create a custom principle and credential ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 25

Thread: JAAS module with LTPA that bypasses the user registry

  1. JAAS module with LTPA that bypasses the user registry

    I've a JAAS login module that attempts to bypass the user registry. I could use the TAI but I've built this to work with several app servers so I have to use JAAS. I create a custom principle and credential which extend the right websphere objects. Everything works with SWAM but when I use LTPA I have troubles with the user-registry.

    In the technical Journal, "Advanced authentication in WebSphere Application Server", I read how I can get LTPA to generate the right token - bypassing the user registry - by setting some values in the shared-state. That seems to work. I don't get the user registry errors now. In fact I get no errors, nothing in the logs that says anything is wrong. The JAAS modules commit. But I never have a subject when accessing a protected page. After logging in, I get redirected to the protected page, which sends me back to login, then I'm sent to the protected page... in an infinite loop.

    I also have a custom JACC module that I've put a break-point on to verify that the subject is in fact empty, with no principles passed in.

    Here is the shared state code:
    map.put(AttributeNameConstants.WSCREDENTIAL_UNIQUE ID, ldap+'/'+uid);
    map.put(AttributeNameConstants.WSCREDENTIAL_SECURI TYNAME,getCNFromDN(this.getUsername()));
    map.put(AttributeNameConstants.WSCREDENTIAL_GROUPS , new ArrayList());
    map.put(AttributeNameConstants.WSCREDENTIAL_CACHE_ KEY, uid+'/'+ldap);

    Just for good measure I also added a hashmap to the subject's public Credentials.

    Are there some values I still need to set?
    Will I be able to bypass the userRegistry or should create a new one?
    I read that the wsMapDefaultInboundLoginModule "instantiates the subject". What does that mean? Doesn't the Subject already exist at that point?


  2. Re: JAAS module with LTPA that bypasses the user registry

    cmorris@novell.com wrote:
    > I've a JAAS login module that attempts to bypass the user registry. I could use the TAI but I've built this to work with several app servers so I have to use JAAS. I create a custom principle and credential which extend the right websphere objects. Everything works with SWAM but when I use LTPA I have troubles with the user-registry.
    >
    > In the technical Journal, "Advanced authentication in WebSphere Application Server", I read how I can get LTPA to generate the right token - bypassing the user registry - by setting some values in the shared-state. That seems to work. I don't get the user registry errors now. In fact I get no errors, nothing in the logs that says anything is wrong. The JAAS modules commit. But I never have a subject when accessing a protected page. After logging in, I get redirected to the protected page, which sends me back to login, then I'm sent to the protected page... in an infinite loop.
    >
    > I also have a custom JACC module that I've put a break-point on to verify that the subject is in fact empty, with no principles passed in.
    >
    > Here is the shared state code:
    > map.put(AttributeNameConstants.WSCREDENTIAL_UNIQUE ID, ldap+'/'+uid);
    > map.put(AttributeNameConstants.WSCREDENTIAL_SECURI TYNAME,getCNFromDN(this.getUsername()));
    > map.put(AttributeNameConstants.WSCREDENTIAL_GROUPS , new ArrayList());
    > map.put(AttributeNameConstants.WSCREDENTIAL_CACHE_ KEY, uid+'/'+ldap);
    >
    > Just for good measure I also added a hashmap to the subject's public Credentials.
    >
    > Are there some values I still need to set?
    > Will I be able to bypass the userRegistry or should create a new one?
    > I read that the wsMapDefaultInboundLoginModule "instantiates the subject". What does that mean? Doesn't the Subject already exist at that point?
    >



    Which login configuration did you add your custom login module to, and
    where did you put it?

    Do you have SSO turned on? (if not, you won't be getting an LTPA cookie)

  3. Re: JAAS module with LTPA that bypasses the user registry

    > Which login configuration did you add your custom
    > login module to, and
    > where did you put it?

    I added it to the WEB_INBOUND login configuration with my login module before the ltpaLoginModule which is before the wsMapDefaultInboundLoginModule. Just for fun I added another module before and after the wsMapDefaultInboundLoginModule. Debugging into them doesn't show anything fishy. The principle that I place on the Subject is still there in the last LoginModule. All of the three modules commit.

    >
    > Do you have SSO turned on? (if not, you won't be
    > getting an LTPA cookie)


    I think SSO is on. Under Security->Global security->Authentication Mechanism->LTPA->Single signon, I have the following:
    enabled:true
    requiresSSL:false
    domainName:myDomain.com
    InteroperabilityMode:true
    Web inbound secufity attribute propataion:true

  4. Re: JAAS module with LTPA that bypasses the user registry

    cmorris@novell.com wrote:
    >> Which login configuration did you add your custom login module to,
    >> and where did you put it?

    > I added it to the WEB_INBOUND login configuration with my login
    > module before the ltpaLoginModule which is before the
    > wsMapDefaultInboundLoginModule. Just for fun I added another module
    > before and after the wsMapDefaultInboundLoginModule. Debugging into
    > them doesn't show anything fishy. The principle that I place on the
    > Subject is still there in the last LoginModule. All of the three
    > modules commit.



    Can you post your login module source?


    >> Do you have SSO turned on? (if not, you won't be getting an LTPA
    >> cookie)

    >
    > I think SSO is on. Under Security->Global security->Authentication
    > Mechanism->LTPA->Single signon, I have the following: enabled:true
    > requiresSSL:false domainName:myDomain.com InteroperabilityMode:true
    > Web inbound secufity attribute propataion:true


    Are you actually seeing LTPA cookies flow? If you use Live Headers do
    you see it at the browser?

  5. Re: JAAS module with LTPA that bypasses the user registry

    cmorris@novell.com wrote:
    > I've a JAAS login module that attempts to bypass the user registry. I could use the TAI but I've built this to work with several app servers so I have to use JAAS. I create a custom principle and credential which extend the right websphere objects. Everything works with SWAM but when I use LTPA I have troubles with the user-registry.
    >
    > In the technical Journal, "Advanced authentication in WebSphere Application Server", I read how I can get LTPA to generate the right token - bypassing the user registry - by setting some values in the shared-state. That seems to work. I don't get the user registry errors now. In fact I get no errors, nothing in the logs that says anything is wrong. The JAAS modules commit. But I never have a subject when accessing a protected page. After logging in, I get redirected to the protected page, which sends me back to login, then I'm sent to the protected page... in an infinite loop.
    >
    > I also have a custom JACC module that I've put a break-point on to verify that the subject is in fact empty, with no principles passed in.
    >
    > Here is the shared state code:
    > map.put(AttributeNameConstants.WSCREDENTIAL_UNIQUE ID, ldap+'/'+uid);
    > map.put(AttributeNameConstants.WSCREDENTIAL_SECURI TYNAME,getCNFromDN(this.getUsername()));
    > map.put(AttributeNameConstants.WSCREDENTIAL_GROUPS , new ArrayList());
    > map.put(AttributeNameConstants.WSCREDENTIAL_CACHE_ KEY, uid+'/'+ldap);
    >
    > Just for good measure I also added a hashmap to the subject's public Credentials.
    >
    > Are there some values I still need to set?
    > Will I be able to bypass the userRegistry or should create a new one?
    > I read that the wsMapDefaultInboundLoginModule "instantiates the subject". What does that mean? Doesn't the Subject already exist at that point?
    >



    Just to be clear - you create the hashtable in shared state in the login
    method, not the commit method, right ?

  6. Re: JAAS module with LTPA that bypasses the user registry

    No, I don't see any LTPA cookies.

    Will it be alright if I send you the code in email?

  7. Re: JAAS module with LTPA that bypasses the user registry

    > Just to be clear - you create the hashtable in shared
    > state in the login
    > method, not the commit method, right ?

    Right. I sent you the code in an email if that is alright.


  8. Re: JAAS module with LTPA that bypasses the user registry

    cmorris@novell.com wrote:
    > No, I don't see any LTPA cookies.


    Hmm, then you have something wrong somewhere. If you were successfully
    logged in, and configured to use LTPA, then you would have the cookie.
    Without it, WAS goes back to the not-logged-in process. As you don't
    have a TAI, the first thing it will do is challenge, and then will run
    your login configuration.

  9. Re: JAAS module with LTPA that bypasses the user registry

    > Hmm, then you have something wrong somewhere. If you
    > were successfully
    > logged in, and configured to use LTPA, then you would
    > have the cookie.
    > Without it, WAS goes back to the not-logged-in
    > process. As you don't
    > have a TAI, the first thing it will do is challenge,
    > and then will run
    > your login configuration.


    That sounds exactly right. So I my problem is probably with the configuration and not with the module code itself. I took a few snap-shots of my configuration. I'll attach them

  10. Re: JAAS module with LTPA that bypasses the user registry

    general web security settings snapshot attached

  11. federated repository configuration

    attached snapshot of config for fed repository

  12. SSO config

    attached snapshot of SSO config

  13. Authentication mechanisms and expiration

    Authentication mechanisms and expiration config attached. It looks like this has some LTPA keys in it. From reading around I got the impression that if I have all my nodes managed by the same server I don't have to import LTPA keys into the nodes. Is that right?

  14. Re: JAAS module with LTPA that bypasses the user registry

    cmorris@novell.com wrote:
    > general web security settings snapshot attached


    I'm reading this on NNTP, and it doesn't show any attachments.

  15. Re: Authentication mechanisms and expiration

    cmorris@novell.com wrote:
    > Authentication mechanisms and expiration config attached. It looks like this has some LTPA keys in it. From reading around I got the impression that if I have all my nodes managed by the same server I don't have to import LTPA keys into the nodes. Is that right?


    Your LTPA keys are cellwide.

  16. Don't set your own WSPrincipal

    > No, I don't see any LTPA cookies.
    >
    > Will it be alright if I send you the code in email?


    For anyone else reading this, I sent Mr. Ilechko my code and he quickly noted that I'm setting my own implementation of WSPrincipal and WSCredential and I need to let the LTPA modules create them for me.

    I removed the code that set the WSCredential and WSPrincipal, then I added my custom attributes as a public credential on the subject.

    Now I get an internal server error that doesn't give me much information to go on:

    [9/19/07 10:34:12:686 MDT] 00000030 NidsLoginModu I login committed using configuration AMEVENT#D7510B10-66C7-11DC-8B10-DDB9970B79AE: principals=[] result=true
    [9/19/07 10:34:12:695 MDT] 00000030 FormLoginExte E SECJ0118E: Authentication error during authentication for user cn=test,o=novell

    NideLoginModule is my custom login module and it seems to login and commit just fine but right after that I see a FormLogin error.

    Documentation on the error code says:
    SECJ0118E: Authentication error during authentication for user {0}
    Explanation: An unexpected error occurred during authentication.
    User Response: This is an internal error. Look for previous messages that may be related to the failure.

    There are no previous errors in the logs so I'm stuck again.



  17. Re: JAAS module with LTPA that bypasses the user registry

    > cmorris@novell.com wrote:
    > > general web security settings snapshot attached

    >
    > I'm reading this on NNTP, and it doesn't show any
    > attachments.


    I'm not sure how nntp would get the attachments. They may only be available using the web page. I'll send an email.

  18. Re: Don't set your own WSPrincipal

    cmorris@novell.com wrote:
    >> No, I don't see any LTPA cookies.
    >>
    >> Will it be alright if I send you the code in email?

    >
    > For anyone else reading this, I sent Mr. Ilechko my code and he quickly noted that I'm setting my own implementation of WSPrincipal and WSCredential and I need to let the LTPA modules create them for me.
    >
    > I removed the code that set the WSCredential and WSPrincipal, then I added my custom attributes as a public credential on the subject.
    >
    > Now I get an internal server error that doesn't give me much information to go on:
    >
    > [9/19/07 10:34:12:686 MDT] 00000030 NidsLoginModu I login committed using configuration AMEVENT#D7510B10-66C7-11DC-8B10-DDB9970B79AE: principals=[] result=true
    > [9/19/07 10:34:12:695 MDT] 00000030 FormLoginExte E SECJ0118E: Authentication error during authentication for user cn=test,o=novell
    >
    > NideLoginModule is my custom login module and it seems to login and commit just fine but right after that I see a FormLogin error.
    >
    > Documentation on the error code says:
    > SECJ0118E: Authentication error during authentication for user {0}
    > Explanation: An unexpected error occurred during authentication.
    > User Response: This is an internal error. Look for previous messages that may be related to the failure.
    >
    > There are no previous errors in the logs so I'm stuck again.
    >
    >


    Can you turn on security trace so that you can see exactly what the
    sequence of events is? The trace string you need is something like:

    com.ibm.ws.security.*=all=enabled:com.ibm.webspher e.security.*=all=enabled


  19. Re: Don't set your own WSPrincipal

    cmorris@novell.com wrote:
    >> No, I don't see any LTPA cookies.
    >>
    >> Will it be alright if I send you the code in email?

    >
    > For anyone else reading this, I sent Mr. Ilechko my code and he quickly noted that I'm setting my own implementation of WSPrincipal and WSCredential and I need to let the LTPA modules create them for me.
    >
    > I removed the code that set the WSCredential and WSPrincipal, then I added my custom attributes as a public credential on the subject.
    >
    > Now I get an internal server error that doesn't give me much information to go on:
    >
    > [9/19/07 10:34:12:686 MDT] 00000030 NidsLoginModu I login committed using configuration AMEVENT#D7510B10-66C7-11DC-8B10-DDB9970B79AE: principals=[] result=true
    > [9/19/07 10:34:12:695 MDT] 00000030 FormLoginExte E SECJ0118E: Authentication error during authentication for user cn=test,o=novell
    >
    > NideLoginModule is my custom login module and it seems to login and commit just fine but right after that I see a FormLogin error.
    >
    > Documentation on the error code says:
    > SECJ0118E: Authentication error during authentication for user {0}
    > Explanation: An unexpected error occurred during authentication.
    > User Response: This is an internal error. Look for previous messages that may be related to the failure.
    >
    > There are no previous errors in the logs so I'm stuck again.
    >
    >


    Another thought - are you adding any groups to the hashmap ? It looks to
    me like you are sticking an empty array list in to WSCREDENTIAL_GROUPS.
    I think if that is empty, WAS will try to read the user registry to get
    groups, giving you an authentication error when it can't find the user.

  20. Re: Don't set your own WSPrincipal

    > Can you turn on security trace so that you can see
    > exactly what the
    > sequence of events is?


    Nothing was obvious to me. Here is the trace I got:

    ADMU0116I: Tool information is being logged in file
    /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1/startServer.log
    ADMU0128I: Starting tool with the AppSrv01 profile
    ADMU3100I: Reading configuration for server: server1
    ADMU3200I: Server launched. Waiting for initialization status.
    ADMU3000I: Server server1 open for e-business; process id is 17338
    camvm2:/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin # tail /root/
    bash_history Desktop .fonts.cache-1 .gconfd .gnome2_private .java .mcop .qt trace.log workspace
    bin .exrc .fvwm .gnome .gnupg .kbd .mozilla .skel .viminfo .Xauthority
    config .fonts .gconf .gnome2 .ICEauthority .kde nproduct.log .ssh vpd.properties .X.err
    camvm2:/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin # tail /root/trace.log
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage < setInvocationSubject Exit
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage > setCallerSubject Entry
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage 3 Setting caller subject to NULL.
    [9/20/07 11:29:50:419 MDT] 0000006e SubjectHelper > updatePropagationTokenWithSubjectChange Entry
    [9/20/07 11:29:50:419 MDT] 0000006e SubjectHelper < updatePropagationTokenWithSubjectChange Exit
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage < setCallerSubject Exit
    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo < postInvoke Exit
    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo > postInvoke Entry

    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo < postInvoke Exit
    camvm2:/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin # tail -n 100 -f /root/trace.log
    Principal: defaultWIMFileBasedRealm/server:camvm1Node01Cell_camvm1Node01_server1
    Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@21be21be
    Private Credential: com.ibm.ws.security.token.SingleSignonTokenImpl@24 582458
    Private Credential: com.ibm.ws.security.token.AuthenticationTokenImpl@ 54025402
    Private Credential: com.ibm.ws.security.token.AuthorizationTokenImpl@4 3ec43ec

    [9/20/07 11:29:50:405 MDT] 0000006b ContextManage < setInvocationSubject Exit
    [9/20/07 11:29:50:405 MDT] 0000006b ContextManage > setInvocationSubject Entry
    [9/20/07 11:29:50:405 MDT] 0000006b ContextManage 3 Setting caller subject: Subject:
    Principal: defaultWIMFileBasedRealm/server:camvm1Node01Cell_camvm1Node01_server1
    Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@21be21be
    Private Credential: com.ibm.ws.security.token.SingleSignonTokenImpl@24 582458
    Private Credential: com.ibm.ws.security.token.AuthenticationTokenImpl@ 54025402
    Private Credential: com.ibm.ws.security.token.AuthorizationTokenImpl@4 3ec43ec

    [9/20/07 11:29:50:405 MDT] 0000006b ContextManage < setInvocationSubject Exit
    [9/20/07 11:29:50:407 MDT] 0000006e RoleBasedConf > loadSecurityPolicy - MBean admin-authz Entry
    [9/20/07 11:29:50:407 MDT] 0000006e RolePermissio > convert Entry
    [9/20/07 11:29:50:407 MDT] 0000006e RoleBasedModu 3 add(JSP:getName)[adminsecuritymanager, administrator, monitor, configurator, operator, deployer]
    [9/20/07 11:29:50:407 MDT] 0000006e RoleBasedModu 3 add(JSP:getStats)[adminsecuritymanager, administrator, monitor, configurator, operator, deployer]
    [9/20/07 11:29:50:407 MDT] 0000006e RoleBasedConf < loadSecurityPolicy - MBean Exit
    admin-authz
    [9/20/07 11:29:50:407 MDT] 0000006e ServletWrappe I SRVE0242I: [PayrollApp] [/payroll] [/error.jsp]: Initialization successful.
    [9/20/07 11:29:50:408 MDT] 0000006e EJSWebCollabo > postInvoke Entry
    com.ibm.ws.security.web.WebSecurityContext@1aaa1aa a
    [9/20/07 11:29:50:408 MDT] 0000006e EJSWebCollabo 3 Resetting invoked: Subject:
    Principal: /UNAUTHENTICATED
    Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@42304230
    and received: nullsubjects
    [9/20/07 11:29:50:408 MDT] 0000006e ContextManage > setInvocationSubject Entry
    [9/20/07 11:29:50:408 MDT] 0000006e ContextManage 3 Setting caller subject: Subject:
    Principal: /UNAUTHENTICATED
    Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@42304230

    [9/20/07 11:29:50:408 MDT] 0000006e ContextManage < setInvocationSubject Exit
    [9/20/07 11:29:50:408 MDT] 0000006e ContextManage > setCallerSubject Entry
    [9/20/07 11:29:50:408 MDT] 0000006e ContextManage 3 Setting caller subject to NULL.
    [9/20/07 11:29:50:408 MDT] 0000006e SubjectHelper > updatePropagationTokenWithSubjectChange Entry
    [9/20/07 11:29:50:410 MDT] 0000006e SubjectHelper < updatePropagationTokenWithSubjectChange Exit
    [9/20/07 11:29:50:410 MDT] 0000006e ContextManage < setCallerSubject Exit
    [9/20/07 11:29:50:410 MDT] 0000006e EJSWebCollabo < postInvoke Exit
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage > getServerSubject Entry
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage > getServerSubjectInternal Entry
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage > getRegistryObject Entry
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage < getRegistryObject Exit
    com.ibm.ws.security.registry.UserReg....registry.WIMUserRegistry@2f1e2f1e;realm=defaultWIMFileBasedReal m
    [9/20/07 11:29:50:417 MDT] 00000068 WSCredentialI > isDestroyed Entry
    [9/20/07 11:29:50:417 MDT] 00000068 WSCredentialI < isDestroyed Exit
    false
    [9/20/07 11:29:50:417 MDT] 00000068 WSCredentialI > getExpiration Entry
    [9/20/07 11:29:50:417 MDT] 00000068 WSCredentialI < getExpiration Exit
    1190316402207
    [9/20/07 11:29:50:417 MDT] 00000068 AuthCache > getCushion Entry
    [9/20/07 11:29:50:417 MDT] 00000068 AuthCache < getCushion Exit
    600000
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage 3 Is server subject valid? true
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage 3 Server Subject returned with sufficient time left.
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage < getServerSubject Exit
    Subject:
    Principal: defaultWIMFileBasedRealm/server:camvm1Node01Cell_camvm1Node01_server1
    Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@21be21be
    Private Credential: com.ibm.ws.security.token.SingleSignonTokenImpl@24 582458
    Private Credential: com.ibm.ws.security.token.AuthenticationTokenImpl@ 54025402
    Private Credential: com.ibm.ws.security.token.AuthorizationTokenImpl@4 3ec43ec

    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage > getInvocationSubject Entry
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage < getInvocationSubject Exit
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage > setInvocationSubject Entry
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage 3 Setting caller subject: Subject:
    Principal: defaultWIMFileBasedRealm/server:camvm1Node01Cell_camvm1Node01_server1
    Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@21be21be
    Private Credential: com.ibm.ws.security.token.SingleSignonTokenImpl@24 582458
    Private Credential: com.ibm.ws.security.token.AuthenticationTokenImpl@ 54025402
    Private Credential: com.ibm.ws.security.token.AuthorizationTokenImpl@4 3ec43ec

    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage < setInvocationSubject Exit
    [9/20/07 11:29:50:417 MDT] 00000068 ContextManage > setInvocationSubject Entry
    [9/20/07 11:29:50:418 MDT] 00000068 ContextManage 3 Setting caller subject: Subject:
    Principal: defaultWIMFileBasedRealm/server:camvm1Node01Cell_camvm1Node01_server1
    Public Credential: com.ibm.ws.security.auth.WSCredentialImpl@21be21be
    Private Credential: com.ibm.ws.security.token.SingleSignonTokenImpl@24 582458
    Private Credential: com.ibm.ws.security.token.AuthenticationTokenImpl@ 54025402
    Private Credential: com.ibm.ws.security.token.AuthorizationTokenImpl@4 3ec43ec

    [9/20/07 11:29:50:418 MDT] 00000068 ContextManage < setInvocationSubject Exit
    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo > postInvoke Entry
    com.ibm.ws.security.web.WebSecurityContext@5c205c2
    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo 3 Resetting invoked: null and received: nullsubjects
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage > setInvocationSubject Entry
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage 3 Setting invocation subject to NULL.
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage < setInvocationSubject Exit
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage > setCallerSubject Entry
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage 3 Setting caller subject to NULL.
    [9/20/07 11:29:50:419 MDT] 0000006e SubjectHelper > updatePropagationTokenWithSubjectChange Entry
    [9/20/07 11:29:50:419 MDT] 0000006e SubjectHelper < updatePropagationTokenWithSubjectChange Exit
    [9/20/07 11:29:50:419 MDT] 0000006e ContextManage < setCallerSubject Exit
    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo < postInvoke Exit
    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo > postInvoke Entry

    [9/20/07 11:29:50:419 MDT] 0000006e EJSWebCollabo < postInvoke Exit
    [9/20/07 11:31:36:210 MDT] 0000004e Cache > alarm Entry

    [9/20/07 11:31:36:210 MDT] 0000004e Cache > evictStaleEntries Entry
    [9/20/07 11:31:36:210 MDT] 0000004e Cache < evictStaleEntries Exit
    [9/20/07 11:31:36:210 MDT] 0000004e Cache 3 com.ibm.ws.security.auth.AuthCache Time elapsed cleaning cache: 0 milliseconds, Primary cache size: 0, Secondary cache size: 4, Tertiary cache size: 0
    [9/20/07 11:31:36:210 MDT] 0000004e Cache < alarm Exit


+ Reply to Thread
Page 1 of 2 1 2 LastLast