]
Magesh Kumar B updated JBAS-4419:
---------------------------------
Attachment: ejb3-UserRolesLoginModule.zip
ejb3-DatabaseServerLoginModule.zip
DatabaseServerLoginModule and JaasSecurityManagerService
DefaultCacheTimeout
----------------------------------------------------------------------------
Key: JBAS-4419
URL:
http://jira.jboss.com/jira/browse/JBAS-4419
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.5.GA, JBossAS-4.0.4.GA
Reporter: Magesh Kumar B
Assigned To: Scott M Stark
Attachments: ejb3-DatabaseServerLoginModule.zip, ejb3-UserRolesLoginModule.zip
According to this WIKI
http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
when DefaultCacheTimeout is set to zero, the login information is lost and the client has
to relogin again. Now the understanding is if a simple client uses the
JndiLoginInitialContextFactory then until the user logsout or the context is expired the
the Credentials has to be cached. This happens perfectly when using UsersRolesLoginModule.
But the same principal is not working when using DatabaseServerLoginModule. I have tested
this with both the JBoss versions 4.0.4 GA and 4.0.5 GA.
Attached are two test cases ejb3-UserRolesLoginModule.zip and
ejb3-DatabaseServerLoginModule.zip each testing the loginmodule behaviours. For the
ejb3-DatabaseServerLoginModule please add the following configuration to the
login-config.xml
<application-policy name = "purchase">
<authentication>
<login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name =
"unauthenticatedIdentity">guest</module-option>
<module-option name =
"dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?</module-option>
<module-option name = "rolesQuery">SELECT ROLEID,
'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
</login-module>
<login-module code = "org.jboss.security.ClientLoginModule" flag =
"required"/>
</authentication>
</application-policy>
The contents of the zip files are straight forward and each has a Client.java class that
calls their respective ejbs.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: