[jboss-user] [Security & JAAS/JBoss] - Re: Custum LoginModule calling EJB in non-default security d
kaloisi
do-not-reply at jboss.com
Tue Nov 28 21:49:38 EST 2006
Not sure if I understand exactly your problem but I have a LoginModule access a secured EJB. I used RunAsLoginModule as an example.
The problem is that JBoss has a stack containing principals and credentials. When a login module is called this stack is empty so if your LoginModule tries to acces a EJB the security intercepter tries to re-login and you end up in an infinite loop. At the beinging of you login() method you need to push the role that is defined in your jboss.xml. This way when the security intecrept is applied it will find the correct role and let the access through.
http://docs.jboss.org/jbossas/javadoc/4.0.5/security/org/jboss/security/auth/spi/RunAsLoginModule.html
--kevin
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989554#3989554
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989554
More information about the jboss-user
mailing list