1 Reply Latest reply on Mar 27, 2002 3:30 PM by luke_t

    When does the Container call LoginModule?

    rlentell
    rlentell Mar 25, 2002 11:42 AM

      I have a simple question, I have been unable to answer looking at the jboss documents and j2ee specifications. I am sure it is there, but I can't find it.

      When does the container call the server side LoginModule?

      I have simple test application, that makes its first call to the server without performing a jaas login on the client. The container calls my custom login module and I assign a default role to the user. I then perform a jaas login on the client and attempt to call another bean that is protected under a different role. I would expect the server to call my custom login module again, because new principals have been assigned. However, it does not and an Insufficent Method Permissions exception is thrown.

      Could anyone point me to the rules the container uses for calling the login module?

      Thanks for any help!

      Ryan

      • 2236 Views
      • Tags:
        • 1. Re: When does the Container call LoginModule?
          luke_t Mar 27, 2002 3:30 PM (in response to rlentell)

          > When does the container call the server side LoginModule?

          The simple answer :) is that it is called when the security interceptor checks the validity of the supplied credentials in the method invocation. It calls

          isValid() on the security manager (JAASSecurityManager)
          which creates a login context and calls login on it.

          Thereafter it's up to JAAS to invoke your configured login modules. So if you have done a client login using the ClientLoginModule this will change the principal as you say. If there is no cached information for this principal then you should see another call on your login module.

          Luke.

            • Actions