Hi Folks,

I'm using Jboss 3.2.3 and I'm trying to get my own LoginModule to work with an ejb call in the login method.
I've read about the RunAsLoginModule which should exactly do that. But its not working yet. I think I'm missing one bit.

I configured the login-conf.xml as followed:

<application-policy name="spedOnline">

<login-module code="org.jboss.security.auth.spi.RunAsLoginModule" flag="required">
<module-option name="roleName">Login</module-option>
</login-module>
<login-module flag="required" code="com.cosomex.spedonline.security.SpedOnline_LoginModul"/>

</application-policy>


I think I fail in the login method of my own module - here the code of my login method:

public boolean login() throws LoginException {
succeed = false;
NameCallback nameCallback = new NameCallback("username");
PasswordCallback pwCallback = new PasswordCallback("password", false);

try {
callbackHandler.handle(new Callback[] { nameCallback, pwCallback });
} catch (Exception e) {
e.printStackTrace();
}

String username = nameCallback.getName();
String password = new String(pwCallback.getPassword());

if (username.equals("demo") && password.equals("test")) {
succeed = true;
} else {
try {
UserRoleLocalHome home = (UserRoleLocalHome) ( new InitialContext() ).lookup( UserRoleLocalHome.JNDI_NAME );
user = home.findByUserId(username);
} catch (Exception e1) {
e1.printStackTrace();
}
if ((user != null) && (user.getPassword().equals(password))) {
succeed = true;
}
}
if ( succeed ){
this.userId = username;
}
return succeed;
}

When it come to the step to call ***.findByUserId(.....) I get the exception:

java.lang.SecurityException: Authentication exception, principal=null

Can anyone provide me with some sample code, or give me a hint what goes wrong??

Thanks in advance!
Frank