1 Reply Latest reply on Sep 30, 2008 12:09 PM by Ragav Gomatam

    login-config.xml defining new login-module

    Nikita Balakirevs Newbie

      While defining new login module you can specify flag - requisite, sufficient, required, optional. Can somebody explain how login modules will work depending on this flag? Thanks.

       <application-policy name="login-policy">
       <login-module code="org.security.jboss.MyFirstLoginModule" flag="optional">
       <module-option name="optionOne">ValueOne</module-option>

        • 1. Re: login-config.xml defining new login-module
          Ragav Gomatam Novice

          JAAS Control Flags
          If a security realm has multiple Authentication providers configured, the Control Flag attribute on the Authenticator provider determines the ordered execution of the Authentication providers. The values for the Control Flag attribute are as follows:

          REQUIRED -- This LoginModule must succeed. Even if it fails, authentication proceeds down the list of LoginModules for the configured Authentication providers. This setting is the default.

          REQUISITE -- This LoginModule must succeed. If other Authentication providers are configured and this LoginModule succeeds, authentication proceeds down the list of LoginModules. Otherwise, return control to the application.

          SUFFICIENT --This LoginModule needs not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.

          OPTIONAL --The user is allowed to pass or fail the authentication test of this Authentication providers. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.