I've implemented a simple program to test JAAS using DatabaseServerLoginModule, following the code provided with the "JAAS Based Security in JBoss" tutorial.
This is my main function:
    import javax.naming.InitialContext;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;

    public static void main(String[] args) {
        try {
            // Log in through the "TestLogin" JAAS configuration entry
            AppCallbackHandler handler = new AppCallbackHandler(args[0], args[1].toCharArray());
            LoginContext lc = new LoginContext("TestLogin", handler);
            lc.login();
        } catch (LoginException ex) {
            System.out.println("Login Failed");
            ex.printStackTrace();
        }
        try {
            // Look up the EJB home in JNDI and create the bean
            InitialContext iniContext = new InitialContext();
            MyEJBHome home = (MyEJBHome) iniContext.lookup("MyJNDI");
            MyEJB mgr = home.create();
            System.out.println("Created EJB");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
In my DB I've defined the user = 'user' with the pwd = 'pwd'.
If I try to log in with the (user, pwd) pair, all is OK as expected. But if I log in using a wrong username and/or password, the server logs a "javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required", but on the client side I don't see a LoginException but a RemoteException. So my question is: how can I distinguish a login failure from a RemoteException?
The LoginContext documentation reports that the login method MUST throw a LoginException if authentication fails.
Moreover, if I comment out the home.create() statement and try to log in again, whatever pair I use, no exception is ever thrown. I don't know if I am making a mistake or if this is the right behaviour.
Can someone help me?
Thanks, Simone
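
An added example, not part of the original post: a helper that tells an authentication failure apart from other remote failures by walking the exception's cause chain. It assumes the server-side security failure arrives nested as a cause inside the RemoteException; the class name, method names and sample exceptions are constructed for illustration.

```java
import java.net.ConnectException;
import java.rmi.RemoteException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class AuthFailureCheck {

    /**
     * Returns the first LoginException or SecurityException found in the
     * cause chain of t, or null when no authentication failure is present.
     */
    static Throwable findAuthFailure(Throwable t) {
        // Bound the walk so a cyclic cause chain cannot loop forever.
        for (int depth = 0; t != null && depth < 32; depth++) {
            if (t instanceof LoginException || t instanceof SecurityException) {
                return t;
            }
            Throwable next = t.getCause();
            if (next == t) {
                break;
            }
            t = next;
        }
        return null;
    }

    /** Classifies a caught exception for logging or user feedback. */
    static String describe(Throwable t) {
        Throwable auth = findAuthFailure(t);
        return auth != null
                ? "authentication failure: " + auth.getClass().getName()
                : "other failure: " + t.getClass().getName();
    }

    public static void main(String[] args) {
        // Constructed sample: a security failure nested inside a RemoteException
        // (assumed shape, not captured from a real server).
        Exception authFailure = new RemoteException("call failed",
                new SecurityException("authentication rejected",
                        new FailedLoginException("Password Incorrect/Password Required")));
        // Constructed sample: a transport problem with no security cause.
        Exception networkFailure = new RemoteException("call failed",
                new ConnectException("Connection refused"));

        System.out.println(describe(authFailure));
        System.out.println(describe(networkFailure));
    }
}
```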