1 Reply Latest reply on Sep 30, 2008 12:09 PM by ragavgomatam

login-config.xml defining new login-module

nbalakirevs Sep 30, 2008 5:18 AM

While defining new login module you can specify flag - requisite, sufficient, required, optional. Can somebody explain how login modules will work depending on this flag? Thanks.

<policy>
 <application-policy name="login-policy">
 <authentication>
 <login-module code="org.security.jboss.MyFirstLoginModule" flag="optional">
 <module-option name="optionOne">ValueOne</module-option>
 </login-module>
 </authentication>
 </application-policy>
</policy>

1. Re: login-config.xml defining new login-module

ragavgomatam Sep 30, 2008 12:09 PM (in response to nbalakirevs)

JAAS Control Flags
If a security realm has multiple Authentication providers configured, the Control Flag attribute on the Authenticator provider determines the ordered execution of the Authentication providers. The values for the Control Flag attribute are as follows:

REQUIRED -- This LoginModule must succeed. Even if it fails, authentication proceeds down the list of LoginModules for the configured Authentication providers. This setting is the default.

REQUISITE -- This LoginModule must succeed. If other Authentication providers are configured and this LoginModule succeeds, authentication proceeds down the list of LoginModules. Otherwise, return control to the application.

SUFFICIENT --This LoginModule needs not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.

OPTIONAL --The user is allowed to pass or fail the authentication test of this Authentication providers. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.
Actions