[jboss-user] [Security & JAAS/JBoss] - ClientLoginModule and the mysterios another login module

lonny27 do-not-reply at jboss.com
Wed Apr 8 11:52:40 EDT 2009

the documentation http://www.jboss.org/file-access/default/members/jbossas/freezone/docs/Server_Configuration_Guide/4/html/The_JBoss_Security_Extension_Architecture-How_the_JaasSecurityManager_Uses_JAAS.html makes it clear: anonymous wrote : ClientLoginModule: This is the default client side module that simply binds the username and password to the JBoss EJB invocation layer for later authentication on the server. The identity of the client is not authenticated on the client.
http://www.jboss.org/community/docs/DOC-9298anonymous wrote : If you need to perform client-side authentication of users you would need to configure another login module in addition to the ClientLoginModule.

So in my case the authentication is done when the first SessionBean is accessed via its remote interface. Works perfect.
Caveat: All LoginExceptions (e.g. account expired thrown by the server-side  configured LoginModule get lost and a useless EJBAccessException is caught if the authentication fails.

Question: What other mysterious LoginModule is needed so the server-side authentication is triggered when calling LoginContext.login() on the client-side? Is that even possible?

Thanks a lot for any help,

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4224415#4224415

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4224415

More information about the jboss-user mailing list