[jboss-jira] [JBoss JIRA] Updated: (JBAS-4419) DatabaseServerLoginModule and JaasSecurityManagerService DefaultCacheTimeout

Magesh Kumar B (JIRA) jira-events at lists.jboss.org
Tue May 15 08:42:52 EDT 2007


     [ http://jira.jboss.com/jira/browse/JBAS-4419?page=all ]

Magesh Kumar B updated JBAS-4419:
---------------------------------

    Attachment: ejb3-UserRolesLoginModule.zip
                ejb3-DatabaseServerLoginModule.zip

> DatabaseServerLoginModule and JaasSecurityManagerService DefaultCacheTimeout
> ----------------------------------------------------------------------------
>
>                 Key: JBAS-4419
>                 URL: http://jira.jboss.com/jira/browse/JBAS-4419
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-4.0.5.GA, JBossAS-4.0.4.GA
>            Reporter: Magesh Kumar B
>         Assigned To: Scott M Stark
>         Attachments: ejb3-DatabaseServerLoginModule.zip, ejb3-UserRolesLoginModule.zip
>
>
> According to this wiki page, http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials, when DefaultCacheTimeout is set to zero, the login information is lost and the client has to log in again. Now the understanding is that if a simple client uses the JndiLoginInitialContextFactory, then until the user logs out or the context is expired the credentials have to be cached. This happens perfectly when using UsersRolesLoginModule. But the same principle is not working when using DatabaseServerLoginModule. I have tested this with both the JBoss versions 4.0.4 GA and 4.0.5 GA.
> Attached are two test cases, ejb3-UserRolesLoginModule.zip and ejb3-DatabaseServerLoginModule.zip, each testing the login module behaviours. For the ejb3-DatabaseServerLoginModule, please add the following configuration to the login-config.xml:
> <application-policy name = "purchase">
>    <authentication>
>       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
>          flag = "required">
>          <module-option name = "unauthenticatedIdentity">guest</module-option>
>          <module-option name = "dsJndiName">java:/DefaultDS</module-option>
>          <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
>          <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
>       </login-module>
>       <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"/>
>    </authentication>
> </application-policy>
> The contents of the zip files are straightforward and each has a Client.java class that calls their respective EJBs.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


