[jboss-user] [Security & JAAS/JBoss] - Re: Strange: access rights lost

Wednesday, 20 September 2006

Hi again,

I found out that not the access rights were lost but only the username has been
overwritten (which we use to get additional information from a database).

I've added support for an unauthenticated identity in our selfwritten
ServerLoginModule the same way it's done in the sample LoginModules in JBoss. But the
addition of an empty roleset for unauthenticated in the commit() method seems to overwrite
the username of the first logged in user in the cache.
In already created Stateful SessionBeans the sessioncontext was still ok, but in all
stateful SessionBeans created after an unauthenticated access the username in the
sessioncontext has been overwritten by anonymous.

So I removed the addition of an empty roleset for unauthenticated identity and now it
seems to work (hoperfully ;-) )

Is there a known bug in JBoss or in the ServerLoginModules ?

Annegret

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3972942#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - Re: Strange: access rights lost