Hello,
I have a custom loginmodule that uses an EJB to authenticate user in its login() method. The methods in the EJB are unchecked but there was no identity so login module was being invoked recursively. So, I added RunAsLoginModule to my login module stack.
I use RunAsLoginModule to set a runAs role.
My login-config.xml has the follwoing entry:
*******************************************
<application-policy name = "csb">
<login-module code = "org.jboss.security.auth.spi.RunAsLoginModule"
flag = "required" >
</login-module>
<login-module code = "com.vcorp.csb.security.auth.spi.UsersRolesLoginModule"
flag = "required" >
</login-module>
</application-policy>
*******************************************
I still get the follwoing exception (Full stack trace is attached):
16:50:13,937 ERROR [SecurityInterceptor] Authentication exception, principal=null
16:50:13,937 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
at org.jboss.ejb.Container.invoke(Container.java:720)
***********************************
Has anyone used RunAsLoginModule successfully.
Thanks in advance
Bhawana