[jboss-dev-forums] [Design of Security on JBoss] - How to avoid caching username and password
purna_cherukuri
do-not-reply at jboss.com
Thu Dec 14 02:44:21 EST 2006
Hi,
My login-config.xml is like this.
Code:
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
| "-//JBoss//DTD JBOSS Security Config 3.0//EN"
| "http://www.jboss.org/j2ee/dtd/security_config.dtd">
| <policy>
| <!-- For the JCR CMS -->
| <application-policy name="cms">
| <authentication>
| <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
| </authentication>
| </application-policy>
|
| <application-policy name="portal">
| <authentication>
| <login-module code="com.tsky.customlogin.CustomLoginModule" flag="required">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
| <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| </login-module>
| </authentication>
| </application-policy>
| </policy>
|
My requirement is to avoid concurrent login. Means user should not login from more than one session at a time. Once he is in logged in state, we should not allow him to login in another session. So i am overriding LoginModule and writing some logic to avoid. But the problem is, If the user is looged in, It is not even going to Login module. It is directly taking from cache and allowing him to access the application. So i have removed password-stacking module option. Even then, It is behaving as same.
I have posted this in Jboss-user forum but got no reply.
Can anybody halp he out in this?
thanks in advance...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993718#3993718
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3993718
More information about the jboss-dev-forums
mailing list