[jboss-dev-forums] [JBoss AS 7 Development] - Login module and session issues

Vladimir Kishlaly do-not-reply at jboss.com
Tue Oct 30 08:51:46 EDT 2012 

Vladimir Kishlaly [https://community.jboss.org/people/mkind] created the discussion

"Login module and session issues"

To view the discussion, visit: https://community.jboss.org/message/772973#772973

--------------------------------------------------------------
Hi!
I've created a simple login module based on org.jboss.security.auth.spi.UsernamePasswordLoginModule.
Also, created a new security domain:

[code]
<security-domain name="mydomain" cache-type="default">
     <authentication>
          <login-module code="com.test.MylLoginModule" flag="required"></login-module>
     </authentication>
</security-domain>
[/code]

jboss-web.xml:

[code]
<jboss-web>
     <context-root>myapp</context-root>
     <security-domain>mydomain</security-domain>
     <disable-audit>true</disable-audit>
</jboss-web>
[/code]

Authentication configuration in web.xml:

[code]
<login-config>
     <auth-method>FORM</auth-method>
     <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/loginerror.jsp</form-error-page>
     </form-login-config>
</login-config>
[/code]

All works fine, but if to login from several different places (computers), session sometimes seems "shared": login/logout in app running in one machine causes login/logout for the application running on another. In other words, two users trying to login using the same credentials, but from different places.
I was sure such authentication mechanizm works with browser session, isn't it?
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/772973#772973]

Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20121030/b3710a53/attachment.html

More information about the jboss-dev-forums mailing list