[jboss-jira] [JBoss JIRA] Commented: (JBAS-4419) DatabaseServerLoginModule and JaasSecurityManagerService DefaultCacheTimeout
Magesh Kumar B (JIRA)
jira-events at lists.jboss.org
Tue May 15 08:51:52 EDT 2007
[ http://jira.jboss.com/jira/browse/JBAS-4419?page=comments#action_12362255 ]
Magesh Kumar B commented on JBAS-4419:
--------------------------------------
The reason is there is already a ClientLoginModule defined to restore the login information once the web client (servlet, session bean) logs out, so no need to include this propagation here:
<application-policy name = "client-login">
   <authentication>
      <login-module code = "org.jboss.security.ClientLoginModule"
         flag = "required">
         <!-- Any existing security context will be restored on logout -->
         <module-option name="restore-login-identity">true</module-option>
      </login-module>
   </authentication>
</application-policy>
This has the same effect of adding the application-policy as:
<application-policy name = "purchase">
   <authentication>
      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
         flag = "required">
         <module-option name = "unauthenticatedIdentity">guest</module-option>
         <module-option name = "dsJndiName">java:/DefaultDS</module-option>
         <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
         <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
      </login-module>
      <login-module code = "org.jboss.security.ClientLoginModule"
         flag = "required">
         <!-- Any existing security context will be restored on logout -->
         <module-option name="restore-login-identity">true</module-option>
      </login-module>
   </authentication>
</application-policy>
> DatabaseServerLoginModule and JaasSecurityManagerService DefaultCacheTimeout
> ----------------------------------------------------------------------------
>
> Key: JBAS-4419
> URL: http://jira.jboss.com/jira/browse/JBAS-4419
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: JBossAS-4.0.5.GA, JBossAS-4.0.4.GA
> Reporter: Magesh Kumar B
> Assigned To: Scott M Stark
> Attachments: ejb3-DatabaseServerLoginModule.zip, ejb3-UserRolesLoginModule.zip
>
>
> According to this WIKI http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials when DefaultCacheTimeout is set to zero, the login information is lost and the client has to relogin again. Now the understanding is if a simple client uses the JndiLoginInitialContextFactory then until the user logs out or the context is expired the Credentials have to be cached. This happens perfectly when using UsersRolesLoginModule. But the same principal is not working when using DatabaseServerLoginModule. I have tested this with both the JBoss versions 4.0.4 GA and 4.0.5 GA.
> Attached are two test cases ejb3-UserRolesLoginModule.zip and ejb3-DatabaseServerLoginModule.zip each testing the loginmodule behaviours. For the ejb3-DatabaseServerLoginModule please add the following configuration to the login-config.xml:
> <application-policy name = "purchase">
>    <authentication>
>       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
>          flag = "required">
>          <module-option name = "unauthenticatedIdentity">guest</module-option>
>          <module-option name = "dsJndiName">java:/DefaultDS</module-option>
>          <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
>          <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
>       </login-module>
>       <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"/>
>    </authentication>
> </application-policy>
> The contents of the zip files are straightforward and each has a Client.java class that calls their respective EJBs.