[jboss-jira] [JBoss JIRA] (WFLY-5569) Module dependencies don't work correctly when JAAS login is used in deployments
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Oct 23 07:48:00 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13121441#comment-13121441 ]
Darran Lofthouse commented on WFLY-5569:
----------------------------------------
At this point in time I think I would be more inclined to consider this a feature request / a requirement on the application to actually have a dependency on the required module.
The problem is once an application has taken on the decision to use a LoginContext directly they also need to have the correct classloading within the application. When an application calls a LoginContext it effectively uses the globally registered JAAS configuration object: -
https://docs.oracle.com/javase/8/docs/api/javax/security/auth/login/Configuration.html
This configuration only provides class names as Strings; the code within the LoginContext that instantiates these LoginModules is entirely JDK code dependent on the deployment class loader.
Other than possibly using wrapper module aware login modules - checking the LoginContext code I can't actually see any way to override the class loading ourselves.
> Module dependencies don't work correctly when JAAS login is used in deployments
> -------------------------------------------------------------------------------
>
> Key: WFLY-5569
> URL: https://issues.jboss.org/browse/WFLY-5569
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
>
> When a user wants to use a direct JAAS login call from a deployment (e.g. servlet), (s)he will experience problems when the LoginModule is placed in a custom AS module.
> Login modules work correctly if they come from PicketBox, but new modules don't work.
> This issue is based on [this StackOverflow question|http://stackoverflow.com/questions/33203277/wildfly-and-jaas-login-module]
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
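
The "wrapper login module" idea mentioned in the comment above, sketched as an added example (not code from WildFly, PicketBox or the commenter). The JDK's LoginContext resolves the configured class name against the thread context class loader, so a wrapper that is visible there can load the real LoginModule from another class loader. The class name `DelegatingLoginModule`, the `LOADERS` registry and the option names `delegate.class` and `delegate.loader` are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical wrapper; it must itself be visible to the deployment class loader.
public class DelegatingLoginModule implements LoginModule {
    // Hypothetical registry: logical name -> ClassLoader, filled by the application at startup.
    public static final Map<String, ClassLoader> LOADERS = new ConcurrentHashMap<>();

    private LoginModule delegate;
    private LoginException initFailure;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        // Option names are assumptions of this example, set in the JAAS configuration entry.
        String className = (String) options.get("delegate.class");
        String loaderName = (String) options.get("delegate.loader");
        try {
            ClassLoader loader = loaderName == null ? null : LOADERS.get(loaderName);
            if (className == null || loader == null) {
                throw new LoginException("No delegate class or loader for " + loaderName);
            }
            // Resolve against the chosen loader, not the thread context class loader.
            delegate = Class.forName(className, true, loader)
                    .asSubclass(LoginModule.class)
                    .getDeclaredConstructor().newInstance();
            delegate.initialize(subject, handler, sharedState, options);
        } catch (ReflectiveOperationException | ClassCastException e) {
            initFailure = new LoginException("Cannot load " + className + ": " + e);
        } catch (LoginException e) {
            initFailure = e;
        }
    }

    // Fail closed: if the delegate could not be loaded, every phase throws.
    private LoginModule delegate() throws LoginException {
        if (delegate == null) {
            throw initFailure != null ? initFailure : new LoginException("Not initialized");
        }
        return delegate;
    }

    @Override public boolean login() throws LoginException { return delegate().login(); }
    @Override public boolean commit() throws LoginException { return delegate().commit(); }
    @Override public boolean abort() throws LoginException { return delegate().abort(); }
    @Override public boolean logout() throws LoginException { return delegate().logout(); }
}
```

Because `initialize` cannot throw a checked exception, a load failure is stored and rethrown from `login()`, so a missing or mistyped delegate rejects authentication instead of silently passing.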