Hi,

we are now testing our application (development was started with JBoss 3.0.6) with JBoss 3.2.5. We are used JAAS. This is our configuration:

login-config.xml:

<application-policy name = "mmcms">

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/MmcmsDS</module-option>
<module-option name = "principalsQuery">select password from principals where principal=?</module-option>
<module-option name = "rolesQuery">select role, 'Roles' from roles where principal=?</module-option>
</login-module>

</application-policy>


each session bean facade is defined so:

/**
* Description of the Class
*
* @author Rafal Kedziorski
* @version $Id: AccessFacadeBean.java,v 1.19 2004/07/26 06:23:46 rafal Exp $
* @ejb.bean
* name = "AccessFacadeBean"
* description = "Access Facade Stateless Session Bean"
* display-name = "Access Facade Stateless Session Bean"
* local-jndi-name = "access/AccessFacade"
* view-type = "local"
* type = "Stateless"
* transaction-type = "Container"
*
* @ejb.permission
* role-name = "mmcms"
*
* @ejb.transaction
* type = "Required"
*
* @jboss.container-configuration
* name = "Standard Stateless SessionBean"
*
*/

and before we call our session bean facades, we do this:

LoginContext loginContext = CallbackHandlerHelper.doLoginAsMmcms(CallbackHandlerHelper.SECURITY_DOMAIN);

...

private static LoginContext doLogin(String securityDomain, CallbackHandler callbackHandler) {
try {
LoginContext loginContext = new LoginContext(securityDomain, callbackHandler);
loginContext.login();

return loginContext;
}
catch (LoginException le) {
return null;
}
}

But this is not working. If I don't call out doLogin() method or remove the tables from DB, I can every time call my session beans. I tested the same configuration with JBoss 3.2.2 with the same result.

Do we something wrong?


Best Regards,
Rafal