Hi,

I am trying to write my own Login Module to execute some customization. I am extending class IdentityLoginModule and writing my own code to authenticate and authorize against LDAP. I don't want to use LDAPLoginModule because of some customization. So I wrote my own login module and compiled and now I am trying to use this in a web application but this module is not being executed. Any idea what is wrong?

I added my Realm setting in server/default/conf/login-config.xml:

<application-policy name = "QaiserRealm">

<login-module code = "com.ercot.jaas.plugin.ErcotLoginModule"
flag = "required">
</login-module>

</application-policy>

My jboss-web.xml is :

<?xml version='1.0' encoding='UTF-8' ?>

<!DOCTYPE jboss-web
PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">

<jboss-web>
<security-domain>java:/jaas/QaiserRealm</security-domain>

<class-loading java2ClassLoadingCompliance="false">
<loader-repository>
log4j.test:loader=eTest.war
<loader-repository-config>java2ParentDelegation=false</loader-repository-config>
</loader-repository>
</class-loading>

</jboss-web>

And my web.xml is :

<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
eTest

<security-constraint>
<web-resource-collection>
<web-resource-name>ercotTest</web-resource-name>
An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application

<url-pattern>/protected/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>TestRole</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>TestRole</role-name>
</security-role>
</web-app>

This TestRole is comming from LDAP and I am setting this in LoginModule. Problem is my custom login class is not even being called. Any idea?