Daniel Straub [
https://community.jboss.org/people/dastraub] created the discussion
"Re: LoginModule defined with cached=true, but called between web and ejb
container"
To view the discussion, visit:
https://community.jboss.org/message/714211#714211
--------------------------------------------------------------
Unitl you can find a solution, I patched the SimpleSecurityManager because of this problem
we are massive hindered during our development process. Each ejb-call forces a call to a
complex login module.
I changed the methode SimpleSecurityManager.establishSecurityContext like this :
{code}
private static SecurityContext establishSecurityContext(final String securityDomain) {
// Do not use SecurityFactory.establishSecurityContext, its static init is
broken.
try {
final AuthenticationManager authenticationManager = new
JNDIBasedSecurityManagement().getAuthenticationManager(securityDomain);
final SecurityContext securityContext =
SecurityContextFactory.createSecurityContext(securityDomain);
if (authenticationManager != null) {
final ISecurityManagement delegate = securityContext.getSecurityManagement();
securityContext.setSecurityManagement(new ISecurityManagement() {
@Override
public MappingManager getMappingManager(String securityDomain) {
return delegate.getMappingManager(securityDomain);
}
@Override
public JSSESecurityDomain getJSSE(String securityDomain) {
return delegate.getJSSE(securityDomain);
}
@Override
public IdentityTrustManager getIdentityTrustManager(String securityDomain) {
return delegate.getIdentityTrustManager(securityDomain);
}
@Override
public AuthorizationManager getAuthorizationManager(String securityDomain) {
return delegate.getAuthorizationManager(securityDomain);
}
@Override
public AuthenticationManager getAuthenticationManager(String securityDomain) {
return authenticationManager;
}
@Override
public AuditManager getAuditManager(String securityDomain) {
return delegate.getAuditManager(securityDomain);
}
});
}
SecurityContextAssociation.setSecurityContext(securityContext);
return securityContext;
} catch (Exception e) {
throw new SecurityException(e);
}
}
{code}
Does not look good, but is a workaround for us.
--------------------------------------------------------------
Reply to this message by going to Community
[
https://community.jboss.org/message/714211#714211]
Start a new discussion in PicketBox Development at Community
[
https://community.jboss.org/choose-container!input.jspa?contentType=1&...]