-
1. Re: Multiple login modules - LDAP and DB failover
jhedden Aug 29, 2007 1:55 PM (in response to deanouk)did you ever resolve this? I am trying to implement something similar.
-
2. Re: Multiple login modules - LDAP and DB failover
deanouk Aug 29, 2007 2:13 PM (in response to deanouk)No not as yet, I still need to do it at some point though, so if you find anything let me know - and vice versa.
-
3. Re: Multiple login modules - LDAP and DB failover
jc7442 Sep 7, 2007 1:28 PM (in response to deanouk)In your login-config.xml you can create a policy with modules flagged sufficient. i do that to authenticate user on several LDAP:
<authentication> <login-module code=".. LoginModule" flag="sufficient"> ... </login-module> <login-module code=".. LoginModule2" flag="sufficient"> ... </login-module> </authentication> </application-policy>
-
4. Re: Multiple login modules - LDAP and DB failover
deanouk Oct 20, 2007 4:40 AM (in response to deanouk)But if a user doesn't give any login information - he'll still be 'authenticated' because both are only marked as sufficient.
-
5. Re: Multiple login modules - LDAP and DB failover
deanouk Oct 20, 2007 5:08 AM (in response to deanouk)Here:
http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html
I read:
"If no Required or Requisite LoginModules are configured for an application, then at least one Sufficient or Optional LoginModule must succeed."
But that's not what's happening - both are failing but the user is still able to login (authentication passes but then they cannot access the resources).