2 Replies Latest reply on Apr 25, 2004 10:04 AM by starksm64

LoginModules thread safe?

wcrosman Apr 23, 2004 11:45 AM

I'm creating a login module that validate against NOVELL LDAP.

In order to validate I need to create a connection to the LDAP Server.
For performance reasons (new connection overhead is high) I'd like to
get the user's role/groups when they pass authentication.

Since the call to getRoleSets() happens a some point in time after validatePassword() I'm wondering if the cached role sets could be over written (a race condition).

Or, is a new LoginModule instance created for each user login.

Thanks.

1. Re: LoginModules thread safe?

spiritualmechanic Apr 23, 2004 11:55 AM (in response to wcrosman)

The LoginModule RoleSets correspond to one user. So there's not a race condition.

I'm currently using Novell LDAP libs with a custom LoginModule, that extends the LdapLoginModule.

Let me know if you have any issues. Our LDAP schema is custom, so it may not be exactly what you use, but the technical issues should be pretty similar.
Actions
2. Re: LoginModules thread safe?

starksm64 Apr 25, 2004 10:04 AM (in response to wcrosman)

A new LoginModule is created for each login when authentication is required. The roles for the user are obtained from the resulting subject outside of the authentication call and does not use the getRoleSets as this was used to populate the Subject. Read the JAAS howto for more info on how the login modules are used.
Actions

Go to original post