[jboss-user] [Security & JAAS/JBoss] - Re: Repeated calls to LoginModule for EJB authentication
brownjamese
do-not-reply at jboss.com
Thu Feb 8 13:32:39 EST 2007
Anil:
By cache are you refering to the cache maintained by JaasSecurityManagerService? ... configured through (in JBossAS 4.0.4GA) /deploy/security-service.xml? .. with the default configuration:
| !-- JAAS security manager and realm mapping -->
| <mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="jboss.security:service=JaasSecurityManager">
| <attribute name="ServerMode">true</attribute>
| <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
| <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
| <attribute name="DefaultCacheTimeout">0</attribute>
| <attribute name="DefaultCacheResolution">0</attribute>
| </mbean>
|
The reason I ask is that we are encountering the same issue with a custom login module that extends AbstractServerLoginModule implementing only initialize, and login. Thus allowing the super's commit and logout to handle things.
-- James
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4013199#4013199
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4013199
More information about the jboss-user
mailing list