2 Replies Latest reply on Jul 12, 2004 2:42 AM by elvis.ciocoiu

    I need SRPPrincipal?

    elvis.ciocoiu
    elvis.ciocoiu Jul 9, 2004 1:26 PM

      The method login() of ClientLoginModule is using SimplePrincipal for the member loginPrincipal. And the commit() method sets this member in the SecurityAssociation. My problem is that if I want to use more than one session for a user. What is the best way of doing that?

      Now I'm using a CustomClientLoginModule that binds the SRPPrincipal instantiated in the SRPLoginModule.commit(). Is this the recomended solution?

      Please excuse my ugly english.
      Thanks.

      • 1369 Views
      • Tags:
        • 1. Re: I need SRPPrincipal?
          starksm64
          starksm64 Jul 10, 2004 10:37 AM (in response to elvis.ciocoiu)

          If your using SRP you should to be combining the org.jboss.security.srp.jaas.SRPLoginModule and org.jboss.security.ClientLoginModule with password-stacking="useFirstPass" so that the ClientLoginModule simply accepts whatever type of Principal has been set in the sharedState map under the javax.security.auth.login.name key. However, the SRPLoginModule is putting the principal username into the sharedState rather than the SRPPrincipal so your workaround is fine.

          This change has been checked in for 3.2.6+

            • Actions
          • 2. Re: I need SRPPrincipal?
            elvis.ciocoiu
            elvis.ciocoiu Jul 12, 2004 2:42 AM (in response to elvis.ciocoiu)

            Thank you for the answer.

            My workaround is like you sugested but I'm not realy satisfied with it. That's because I can't use the SecurityAssociationActions (the visibility is at package level) and another problem is that the direct use of SecurityAssociation is discouraged by you in your documentation materials as being internal API and passible of changes). So I'm realy waiting for the 3.2.6 version ....

            I love your work. Thank you.

              • Actions