[jboss-user] [Security] - Use EJB inside a LoginModule, repeated calls to login()
Thomas.Woelfl
do-not-reply at jboss.com
Wed Dec 9 04:33:09 EST 2009
We try to access an EJB stateless service inside a custom LoginModule. The problem is that the login() method is called again and again when the EJB stateless service is accessed.
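| import javax.naming.InitialContext;
| import javax.naming.NamingException;
| import javax.security.auth.login.LoginException;
| import org.jboss.security.auth.spi.DatabaseServerLoginModule;
| // Person and PersonServiceLocal are application classes (imports not shown in the post)
|
| public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule
| {
|     @Override
|     public boolean login() throws LoginException
|     {
|         try {
|             boolean successLogin = super.login();
|             return successLogin;
|         }
|         catch ( LoginException e ) {
|             // Count the failed attempt, then rethrow the original exception
|             increaseFailedLogins();
|             throw e;
|         }
|     }
|
|     // Records a failed login by calling the PersonService EJB from inside the login module
|     private void increaseFailedLogins()
|     {
|         if ( this.getClaimedUsername() == null ) {
|             return;
|         }
|         try {
|             PersonServiceLocal personService = lookupContactService();
|             Person person = personService.getPersonByUsername( this.getClaimedUsername() );
|
|             personService.increaseFailedLoginsForPerson( person );
|         }
|         catch ( NamingException e ) {
|             // Lookup failed, nothing is counted; login() still rethrows the LoginException
|         }
|     }
|
|     // Looks up the local interface of the stateless PersonService bean
|     private PersonServiceLocal lookupContactService() throws NamingException
|     {
|         InitialContext ctx = new InitialContext();
|         return (PersonServiceLocal) ctx.lookup( "PersonServiceBean/local" );
|     }
| }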
|
In jboss.xml we defined the security domain "TM3-security" for all beans:
| <jboss>
|     <security-domain>java:/jaas/TM3-security</security-domain>
|     <unauthenticated-principal>guest</unauthenticated-principal>
| </jboss>
|
In login-config.xml the used login-modules are defined:
| <application-policy name = "TM3-security">
|     <authentication>
|         <login-module code = "org.jboss.security.auth.spi.RunAsLoginModule" flag = "required">
|             <module-option name="roleName">LoginModuleUser</module-option>
|         </login-module>
|
|         <login-module code = "com.tm3.erp.core.business.DatabaseServerLoginModuleTm3" flag = "required">
|             <module-option name = "unauthenticatedIdentity">guest</module-option>
|             <module-option name = "dsJndiName">java:/PostgresDS</module-option>
|             <module-option name = "ignorePasswordCase">false</module-option>
|             <module-option name = "principalsQuery">xy</module-option>
|             <module-option name = "rolesQuery">xy</module-option>
|         </login-module>
|
|         <login-module code="org.jboss.security.ClientLoginModule" flag="required">
|             <module-option name="multi-threaded">true</module-option>
|             <module-option name="restore-login-identity">true</module-option>
|         </login-module>
|     </authentication>
| </application-policy>
|
We tried to move the called EJB (PersonService) to a different Security Domain using the annotations:
a) @org.jboss.ejb3.annotation.SecurityDomain("java:/jaas/other")
b) @org.jboss.security.annotation.SecurityDomain ("java:/jaas/other")
No success. Any ideas? Thank you.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4269747#4269747