[jboss-user] [Security & JAAS/JBoss] - How to avoid caching username and password in sharedstate

purna_cherukuri do-not-reply at jboss.com
Thu Dec 14 02:38:46 EST 2006


Hi, 

My login-config.xml is like this. 
Code: 

  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | <policy>
  |    <!-- For the JCR CMS -->
  |    <application-policy name="cms">
  |       <authentication>
  |          <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
  |       </authentication>
  |    </application-policy>
  |    
  |    <application-policy name="portal">
  |       <authentication>
  |          <login-module code="com.tsky.customlogin.CustomLoginModule" flag="required">
  |             <module-option name="unauthenticatedIdentity">guest</module-option>
  |             <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  |             <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  |             <module-option name="additionalRole">Authenticated</module-option>
  |          </login-module>
  |       </authentication>
  |    </application-policy>
  | </policy>	 
  | 

My requirement is to avoid concurrent logins, meaning a user should not log in from more than one session at a time. Once he is in the logged-in state, we should not allow him to log in from another session. So I am overriding LoginModule and writing some logic to avoid this. But the problem is, if the user is logged in, it does not even go to the login module. It takes it directly from the cache and allows him to access the application. So I have removed the password-stacking module option. Even then, it behaves the same.

Can anybody help me out with this?

Thanks in advance...

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993717#3993717
