2 Replies Latest reply on Dec 18, 2006 10:02 PM by purna_cherukuri

    How to avoid caching username and password in sharedstate

    purna_cherukuri

      Hi,

      My login-config.xml is like this.
      Code:

      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
      <policy>
       <!-- For the JCR CMS -->
       <application-policy name="cms">
       <authentication>
       <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
       </authentication>
       </application-policy>
      
       <application-policy name="portal">
       <authentication>
       <login-module code="com.tsky.customlogin.CustomLoginModule" flag="required">
       <module-option name="unauthenticatedIdentity">guest</module-option>
       <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
       <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
       <module-option name="additionalRole">Authenticated</module-option>
       </login-module>
       </authentication>
       </application-policy>
      </policy>
      


      My requirement is to avoid concurrent login. Means user should not login from more than one session at a time. Once he is in logged in state, we should not allow him to login in another session. So i am overriding LoginModule and writing some logic to avoid. But the problem is, If the user is looged in, It is not even going to Login module. It is directly taking from cache and allowing him to access the application. So i have removed password-stacking mocule option. Even then, It is behaving as same.

      Can anybody halp he out in this?

      thanks in advance...