[jboss-user] [Security & JAAS/JBoss] - retry fails with form based authentication woth custom login

[ppradhan]

I am using a custom login module which uses a web service to validate a username/password pair, along with form based authentication. Everything works ok for a valid user.
In the case of a wrong username or password, my error page displays a message with a link back to the login page. 
Even if I enter the correct username/password, and the logs show my webservice returning correct roles, the login does not succeed, i.e. the empty login form is displayed again.
This does not happen if I reenter the link in the browser address page or open a new browser window. 
The html form has 
<meta http-equiv="Pragma" content="no-cache"> and I have tried invalidating the session as well. 

The logs end with :
16:32:04,656 DEBUG [RealmBase] Username rps1 has role LOCSRV
16:32:04,656 DEBUG [AuthenticatorBase]  Successfully passed all security constraints
16:32:04,656 DEBUG [StandardWrapper]   Returning non-STM instance


The login module extends the UsernamePasswordLoginModule class, and overrides the initialize(), getUsersPassword(), validatePassword and getRoleSets() methods. jboss bersion 4.0.2

Any pointers?

Thanks in advance


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3963683#3963683

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3963683