Use EJB inside a LoginModule, repeated calls to login()
wolfonline Dec 9, 2009 4:33 AM

We try to access an EJB stateless service inside a custom LoginModule. The problem is that the login() method is called again and again when the EJB stateless service is accessed.
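
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule {

    @Override
    public boolean login() throws LoginException {
        try {
            boolean successLogin = super.login();
            return successLogin;
        } catch ( LoginException e ) {
            increaseFailedLogins();
            throw e;
        }
    }

    private void increaseFailedLogins() {
        if ( this.getClaimedUsername() == null ) {
            return;
        }
        try {
            // Accessing the EJB here is what causes login() to be called again
            PersonServiceLocal personService = lookupContactService();
            Person person = personService.getPersonByUsername( this.getClaimedUsername() );
            personService.increaseFailedLoginsForPerson( person );
        } catch ( NamingException e ) {
            // Lookup failed; login() still rethrows the original LoginException
        }
    }

    private PersonServiceLocal lookupContactService() throws NamingException {
        InitialContext ctx = new InitialContext();
        return (PersonServiceLocal) ctx.lookup( "PersonServiceBean/local" );
    }
}
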
In jboss.xml we defined the security domain "TM3-security" for all beans:

<jboss>
    <security-domain>java:/jaas/TM3-security</security-domain>
    <unauthenticated-principal>guest</unauthenticated-principal>
</jboss>

In login-config.xml the used login-modules are defined:

<application-policy name = "TM3-security">
    <authentication>
        <login-module code = "org.jboss.security.auth.spi.RunAsLoginModule" flag = "required">
            <module-option name="roleName">LoginModuleUser</module-option>
        </login-module>
        <login-module code = "com.tm3.erp.core.business.DatabaseServerLoginModuleTm3" flag = "required">
            <module-option name = "unauthenticatedIdentity">guest</module-option>
            <module-option name = "dsJndiName">java:/PostgresDS</module-option>
            <module-option name = "ignorePasswordCase">false</module-option>
            <module-option name = "principalsQuery">xy</module-option>
            <module-option name = "rolesQuery">xy</module-option>
        </login-module>
        <login-module code="org.jboss.security.ClientLoginModule" flag="required">
            <module-option name="multi-threaded">true</module-option>
            <module-option name="restore-login-identity">true</module-option>
        </login-module>
    </authentication>
</application-policy>

We tried to move the called EJB (PersonService) to a different Security Domain using the annotations:
a) @org.jboss.ejb3.annotation.SecurityDomain("java:/jaas/other")
b) @org.jboss.security.annotation.SecurityDomain ("java:/jaas/other")
No success. Any ideas? Thank you.
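
An added example, not part of the original post and not the poster's code: one way to record failed logins without calling a secured EJB from inside login() is to update the counter over plain JDBC, through the datasource already configured for the module, so no call passes through the "TM3-security" domain again. The table and column names are assumptions, and getClaimedUsername() is the accessor used in the post, assumed here to return a String.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule {

    // Assumed schema: table "person" with columns "username" and "failed_logins".
    private static final String INCREASE_SQL =
        "UPDATE person SET failed_logins = failed_logins + 1 WHERE username = ?";

    @Override
    public boolean login() throws LoginException {
        try {
            return super.login();
        } catch (LoginException e) {
            increaseFailedLogins();
            throw e; // the authentication failure itself is always rethrown
        }
    }

    private void increaseFailedLogins() {
        String username = getClaimedUsername(); // accessor from the post (assumed String)
        if (username == null) {
            return;
        }
        try {
            // Reuse the "dsJndiName" module option from login-config.xml.
            String jndiName = (String) options.get("dsJndiName");
            DataSource ds = (DataSource) new InitialContext().lookup(jndiName);
            Connection con = ds.getConnection();
            try {
                PreparedStatement ps = con.prepareStatement(INCREASE_SQL);
                ps.setString(1, username); // bound parameter, never concatenated
                ps.executeUpdate();
            } finally {
                con.close(); // closing the connection also releases the statement
            }
        } catch (NamingException e) {
            log.warn("Could not look up datasource for failed-login count", e);
        } catch (SQLException e) {
            log.warn("Could not record failed login", e);
        }
    }
}
```

Bookkeeping errors are only logged so that they can never replace or suppress the LoginException that rejects the login.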