This content has been marked as final.
Show 2 replies
-
1. Re: Closing Browser seems to bypass DatabaseServerLoginModul
pander Oct 24, 2006 4:01 PM (in response to pander)So out of all you java/jboss guru's on here nobody has any pointers?
-
2. Re: Closing Browser seems to bypass DatabaseServerLoginModul
jaikiran Oct 24, 2006 11:55 PM (in response to pander)Paul,
First of all let me tell you i am not a java/jboss guru.If they open a new browser window (having say just closed one and been logged in) the browser and JBOSS/Tomcat correctly sends them to the login page to enter their login details
Which means that it is working as expected. Since this is a new session, the user will be directed to the login page before accessing the secure resource.If the user then attempts to login again using the same username and password with which they were previously logged in, JBOSS/Tomcat seems to completely ignore my DatabaseLogin module, which extends DatabaseServerLoginModule
How did you verify this? Please try to obtain the TRACE level logs from the jboss security package as mentioned in Q4 at:
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQand so various session beans that I am populating via reads from the database in this module are not being created and I am being left with a NullPointerException when the code gets further down the request cycle and is attempting to access the beans.
Please post the exception stacktrace that you are seeing. I believe that the NullpointerException might not be related to security issues. You will usually see SecurityException in such cases.Surely if the server had decided that actually the user with these credentials was still logged in then it would have done that when they went to the inital landing page and would have directed them to the user's homepage and not to the login page.... it just doesn't make sense.
Opening a new browser is a totally new session and it does not matter if the user is still logged in from some other browser. This new browser will need authentication of the user again and so he/she will be redirected to the login page.