We try to access an EJB stateless service inside a custom LoginModule. The problem is that
the login() method is called again and again when the EJB stateless service is
accessed.
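| import javax.naming.InitialContext;
| import javax.naming.NamingException;
| import javax.security.auth.login.LoginException;
| import org.jboss.security.auth.spi.DatabaseServerLoginModule;
|
| // PersonServiceLocal, Person and getClaimedUsername() are application code not shown in the post.
| public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule
| {
|     @Override
|     public boolean login() throws LoginException
|     {
|         try {
|             boolean successLogin = super.login();
|             return successLogin;
|         }
|         catch ( LoginException e ) {
|             // Record the failed attempt, then rethrow the original failure
|             increaseFailedLogins();
|             throw e;
|         }
|     }
|
|     private void increaseFailedLogins()
|     {
|         if ( this.getClaimedUsername() == null ) {
|             return;
|         }
|         try {
|             // This call into the stateless EJB is where login() is entered again
|             PersonServiceLocal personService = lookupContactService();
|             Person person = personService.getPersonByUsername( this.getClaimedUsername() );
|
|             personService.increaseFailedLoginsForPerson( person );
|         }
|         catch ( NamingException e ) {
|             log.error( "Lookup of PersonServiceBean/local failed", e );
|         }
|     }
|
|     // JNDI lookup of the local interface of the stateless EJB
|     private PersonServiceLocal lookupContactService() throws NamingException
|     {
|         InitialContext ctx = new InitialContext();
|         return (PersonServiceLocal) ctx.lookup( "PersonServiceBean/local" );
|     }
| }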
In jboss.xml we defined the security domain "TM3-security" for all beans:
| <jboss>
|     <security-domain>java:/jaas/TM3-security</security-domain>
|     <unauthenticated-principal>guest</unauthenticated-principal>
| </jboss>
In login-config.xml the used login-modules are defined:
| <application-policy name="TM3-security">
|     <authentication>
|         <login-module code="org.jboss.security.auth.spi.RunAsLoginModule" flag="required">
|             <module-option name="roleName">LoginModuleUser</module-option>
|         </login-module>
|
|         <login-module code="com.tm3.erp.core.business.DatabaseServerLoginModuleTm3" flag="required">
|             <module-option name="unauthenticatedIdentity">guest</module-option>
|             <module-option name="dsJndiName">java:/PostgresDS</module-option>
|             <module-option name="ignorePasswordCase">false</module-option>
|             <module-option name="principalsQuery">xy</module-option>
|             <module-option name="rolesQuery">xy</module-option>
|         </login-module>
|
|         <login-module code="org.jboss.security.ClientLoginModule" flag="required">
|             <module-option name="multi-threaded">true</module-option>
|             <module-option name="restore-login-identity">true</module-option>
|         </login-module>
|     </authentication>
| </application-policy>
We tried to move the called EJB (PersonService) to a different security domain using the
annotations:
a) @org.jboss.ejb3.annotation.SecurityDomain("java:/jaas/other")
b) @org.jboss.security.annotation.SecurityDomain("java:/jaas/other")
No success. Any ideas? Thank you.
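
Added example, not part of the original post and not JBoss project code: one way to count failed logins without calling a secured EJB from inside login(), by updating the counter with plain JDBC on the datasource the module is already configured with (dsJndiName). The table `person` and the columns `failed_logins` and `username` are hypothetical, the inherited getUsername() stands in for the post's getClaimedUsername(), and Java 7 or later is assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule
{
    // Hypothetical schema: adjust table and column names to the real one.
    private static final String INCREASE_FAILED_LOGINS_SQL =
        "UPDATE person SET failed_logins = failed_logins + 1 WHERE username = ?";

    @Override
    public boolean login() throws LoginException
    {
        try {
            return super.login();
        }
        catch ( LoginException e ) {
            increaseFailedLogins( getUsername() );
            throw e; // the caller always sees the original failure
        }
    }

    // Plain JDBC on the module's own datasource: no EJB is invoked here,
    // so this bookkeeping step does not pass through EJB security again.
    private void increaseFailedLogins( String username )
    {
        if ( username == null ) {
            return;
        }
        try {
            DataSource ds = (DataSource) new InitialContext().lookup( dsJndiName );
            try ( Connection con = ds.getConnection();
                  PreparedStatement ps = con.prepareStatement( INCREASE_FAILED_LOGINS_SQL ) ) {
                ps.setString( 1, username ); // bound parameter, never concatenated
                ps.executeUpdate();
            }
        }
        catch ( NamingException | SQLException e ) {
            // Bookkeeping must never replace the LoginException being rethrown.
            log.warn( "Could not record failed login", e );
        }
    }
}
```

The username reaches the statement only as a bound parameter, which matters because it is attacker-supplied input at this point in the login flow.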