[jboss-user] [Security & JAAS/JBoss] - Should RunAsLoginModule remove the principal?
pshrimpton
do-not-reply at jboss.com
Fri May 18 05:15:09 EDT 2007
Hi,
I am sucessfully using RunAsLoginModule so my custom LoginModule can access secured EJBs.
The problem I am having is that in the case of incorrect username/password the RunAsLoginModule is not removing the principal it is creating so the 'Forms Based Authentication' thinks the login has worked, but the Principal has no roles so I get a 403 error rather than being sent to the loginError.jsp. The principal name is the incorrectly entered one.
Is this how it is expected to work?
Many Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046738#4046738
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046738
More information about the jboss-user
mailing list