1 Reply Latest reply on Dec 11, 2009 2:15 AM by hosier.david

Use EJB inside a LoginModule, repeated calls to login()

wolfonline Dec 9, 2009 4:33 AM

We try to access a EJB stateless service inside a custom LoginModule. The problem is that the login() method is called again and again when the the EJB stateless service is accessed.

public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule
{
 @Override
 public boolean login() throws LoginException
 {
 try {
 boolean successLogin = super.login();
 return successLogin;
 }
 catch ( LoginException e ) {
 increaseFailedLogins();
 throw e;
 }
 }

 private void increaseFailedLogins()
 {
 if ( this.getClaimedUsername() == null ) {
 return;
 }
 InitialContext ctx = new InitialContext();
 return (PersonServiceLocal) ctx.lookup( "PersonServiceBean/local" );

 PersonServiceLocal personService = lookupContactService();
 Person person = personService.getPersonByUsername( this.getClaimedUsername() );

 personService.increaseFailedLoginsForPerson( person );
 }
}

In jboss.xml we defined the security domain "TM3-security" for all beans:

<jboss>
 <security-domain>java:/jaas/TM3-security</security-domain>
 <unauthenticated-principal>guest</unauthenticated-principal>
</jboss>

In login-config.xml the used login-modules are defined:

<application-policy name = "TM3-security">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.RunAsLoginModule" flag = "required">
 <module-option name="roleName">LoginModuleUser</module-option>
 </login-module>

 <login-module code = "com.tm3.erp.core.business.DatabaseServerLoginModuleTm3" flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name = "dsJndiName">java:/PostgresDS</module-option>
 <module-option name = "ignorePasswordCase">false</module-option>
 <module-option name = "principalsQuery">xy</module-option>
 <module-option name = "rolesQuery">xy</module-option>
 </login-module>

 <login-module code="org.jboss.security.ClientLoginModule" flag="required">
 <module-option name="multi-threaded">true</module-option>
 <module-option name="restore-login-identity">true</module-option>
 </login-module>
 </authentication>
 </application-policy>

We tried to moved the called EJB (PersonService) to a different Security Domain using the annotions:
a) @org.jboss.ejb3.annotation.SecurityDomain("java:/jaas/other")
b) @org.jboss.security.annotation.SecurityDomain ("java:/jaas/other")

No success. Any ideas? Thank you.

1. Re: Use EJB inside a LoginModule, repeated calls to login()

hosier.david Dec 11, 2009 2:15 AM (in response to wolfonline)

Not sure this will work for your case, but we had the same issue. I just ended up creating what amounts to a utility EJB that I did NOT add the SecurityDomain to.
Actions