[jboss-user] [Security & JAAS/JBoss] - my login method is accessed twice

sionut2 do-not-reply at jboss.com
Fri Dec 22 11:15:44 EST 2006 

Hi,
I have the following configuration in my login-config.xml file:


  | <?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE policy PUBLIC
  | 	"-//JBoss//DTD JBOSS Security Config 3.0//EN"
  | 	"http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | <policy>
  | 	<application-policy name="emp-mft">
  | 		<authentication>
  | 			<login-module 
  | 				code="org.jboss.security.ClientLoginModule" 
  | 				flag="required">
  | 			</login-module>
  | 			
  | 			<login-module
  | 				code="com.xxx.MyCustomLoginModule1"
  | 				flag="sufficient">
  | 				<module-option name="tryFirstPass">true</module-option>
  | 				<module-option name="replacePass">true</module-option>
  | 			</login-module>
  | 		
  | 			<login-module
  | 				code="com.xxx.MyCustomLoginModule2"
  | 				flag="sufficient">
  | 			</login-module>
  | 			
  | </authentication>
  | 	</application-policy>
  | </policy>
  | 

I have 2 problems:
1) My login/commit methods in MyCustomLoginModule1 and MyCustomLoginModule2 are called twice. Is it supposed to work like that ? 
>From what I read about login modules, I think I should get a single login/commit or login/abort - depending on the overall result.

2) In my current tests MyCustomLoginModule2 does the main work - it is the one that performs the login. As I was saying, I get 2 calls to the login method: one of them is succesfull, the other is not. 
 - If I set required for MyCustomLoginModule2, I'm getting a failed overall result  because one of the logins fails.(if it would be only one, I woulnd't have this problem).
 - If I set sufficient for it, my calls pass through, no matter if the credentials are valid or not (and that's because ClientLoginModule is always successful, so the overall is successful). For some weird reason, the login that fails doesn't have any importance here.. 
  
Any help would be greatly appreciated !

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3995897#3995897

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3995897

More information about the jboss-user mailing list