[jboss-user] [Security & JAAS/JBoss] - Re: Repeated calls to LoginModule for EJB authentication

brownjamese do-not-reply at jboss.com
Thu Feb 8 13:32:39 EST 2007


Anil:

By cache are you refering to the cache maintained by JaasSecurityManagerService?  ... configured through (in JBossAS 4.0.4GA) /deploy/security-service.xml?  .. with the default configuration:

  | !-- JAAS security manager and realm mapping -->
  |    <mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="jboss.security:service=JaasSecurityManager">
  |      <attribute name="ServerMode">true</attribute>
  |      <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
  |      <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
  |      <attribute name="DefaultCacheTimeout">0</attribute>
  |      <attribute name="DefaultCacheResolution">0</attribute>
  |    </mbean>
  | 

The reason I ask is that we are encountering the same issue with a custom login module that extends AbstractServerLoginModule implementing only initialize, and login.  Thus allowing the super's commit and logout to handle things.

-- James

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4013199#4013199

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4013199



More information about the jboss-user mailing list