[jboss-user] [Security & JAAS/JBoss] - Should RunAsLoginModule remove the principal?

pshrimpton do-not-reply at jboss.com
Fri May 18 05:15:09 EDT 2007


I am sucessfully using RunAsLoginModule so my custom LoginModule can access secured EJBs.

The problem I am having is that in the case of incorrect username/password the RunAsLoginModule is not removing the principal it is creating so the 'Forms Based Authentication' thinks the login has worked, but the Principal has no roles so I get a 403 error rather than being sent to the loginError.jsp.  The principal name is the incorrectly entered one.

Is this how it is expected to work?

Many Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046738#4046738

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046738

More information about the jboss-user mailing list