[
http://jira.jboss.com/jira/browse/JBAS-4419?page=comments#action_12362255 ]
Magesh Kumar B commented on JBAS-4419:
--------------------------------------
The reason is there is already a ClientLoginModule defined to restore the login
information once the web client (servlet, session bean) logs out, so no need to include
this propogation here:
<application-policy name = "client-login">
<authentication>
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
<!-- Any existing security context will be restored on logout -->
<module-option
name="restore-login-identity">true</module-option>
</login-module>
</authentication>
</application-policy>
This has the same effect of adding the application-policy as:
<application-policy name = "purchase">
<authentication>
<login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name =
"unauthenticatedIdentity">guest</module-option>
<module-option name =
"dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?</module-option>
<module-option name = "rolesQuery">SELECT ROLEID,
'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
</login-module>
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
<!-- Any existing security context will be restored on logout -->
<module-option
name="restore-login-identity">true</module-option>
</login-module>
</authentication>
</application-policy>
DatabaseServerLoginModule and JaasSecurityManagerService
DefaultCacheTimeout
----------------------------------------------------------------------------
Key: JBAS-4419
URL:
http://jira.jboss.com/jira/browse/JBAS-4419
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.5.GA, JBossAS-4.0.4.GA
Reporter: Magesh Kumar B
Assigned To: Scott M Stark
Attachments: ejb3-DatabaseServerLoginModule.zip, ejb3-UserRolesLoginModule.zip
According to this WIKI
http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
when DefaultCacheTimeout is set to zero, the login information is lost and the client has
to relogin again. Now the understanding is if a simple client uses the
JndiLoginInitialContextFactory then until the user logsout or the context is expired the
the Credentials has to be cached. This happens perfectly when using UsersRolesLoginModule.
But the same principal is not working when using DatabaseServerLoginModule. I have tested
this with both the JBoss versions 4.0.4 GA and 4.0.5 GA.
Attached are two test cases ejb3-UserRolesLoginModule.zip and
ejb3-DatabaseServerLoginModule.zip each testing the loginmodule behaviours. For the
ejb3-DatabaseServerLoginModule please add the following configuration to the
login-config.xml
<application-policy name = "purchase">
<authentication>
<login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name =
"unauthenticatedIdentity">guest</module-option>
<module-option name =
"dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?</module-option>
<module-option name = "rolesQuery">SELECT ROLEID,
'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
</login-module>
<login-module code = "org.jboss.security.ClientLoginModule" flag =
"required"/>
</authentication>
</application-policy>
The contents of the zip files are straight forward and each has a Client.java class that
calls their respective ejbs.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira