[jboss-user] [Security & JAAS/JBoss] - Re: Validating login/password AND Client Certificate

rameshsr do-not-reply at jboss.com
Wed Jun 25 02:53:43 EDT 2008

Here is what I did to solve the issue. 

1. I extended org.jboss.security.auth.spi.BaseCertLoginModule and overriding the method getAliasAndCert() with my own implementation. 

2. Use my extended LoginModule in place of BaseCertLoginModule in the login-config.xml file.

3. In the login-config.xml file use both the username/password authentication login module and the subclassed BaseCertLoginModule

4. In jboss-service.xml find the following entry
 	 <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
    In that change the values of the properties "DefaultCacheTimeout" and  "DefaultCacheResolution" to zero. This is to disable the caching of security credentials, so that your certificate will be validated properly without caching.

I hope this will be helpful for anyone. If you need further details on my implementation of the getAliasAndCert() method, let me know. I will post the relevent portions of the code in the forum.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4160436#4160436

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4160436

More information about the jboss-user mailing list