[jboss-user] [Security & JAAS/JBoss] - Should RunAsLoginModule remove the principal?
do-not-reply at jboss.com
Fri May 18 05:15:09 EDT 2007
I am sucessfully using RunAsLoginModule so my custom LoginModule can access secured EJBs.
The problem I am having is that in the case of incorrect username/password the RunAsLoginModule is not removing the principal it is creating so the 'Forms Based Authentication' thinks the login has worked, but the Principal has no roles so I get a 403 error rather than being sent to the loginError.jsp. The principal name is the incorrectly entered one.
Is this how it is expected to work?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046738#4046738
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046738
More information about the jboss-user