[jboss-user] [Security & JAAS/JBoss] - Re: Strange: access rights lost
Annegret
do-not-reply at jboss.com
Wed Sep 20 10:06:02 EDT 2006
Hi again,
I found out that not the access rights were lost but only the username has been overwritten (which we use to get additional information from a database).
I've added support for an unauthenticated identity in our selfwritten ServerLoginModule the same way it's done in the sample LoginModules in JBoss. But the addition of an empty roleset for unauthenticated in the commit() method seems to overwrite the username of the first logged in user in the cache.
In already created Stateful SessionBeans the sessioncontext was still ok, but in all stateful SessionBeans created after an unauthenticated access the username in the sessioncontext has been overwritten by anonymous.
So I removed the addition of an empty roleset for unauthenticated identity and now it seems to work (hoperfully ;-) )
Is there a known bug in JBoss or in the ServerLoginModules ?
Annegret
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3972942#3972942
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3972942
More information about the jboss-user
mailing list