0 Replies Latest reply on Oct 30, 2012 8:51 AM by mkind

    Login module and session issues

    mkind
    mkind Oct 30, 2012 8:51 AM

      Hi!

      I've created a simple login module based on org.jboss.security.auth.spi.UsernamePasswordLoginModule.

      Also, created a new security domain:

       

      [code]

      <security-domain name="mydomain" cache-type="default">

           <authentication>

                <login-module code="com.test.MylLoginModule" flag="required"></login-module>

           </authentication>

      </security-domain>

      [/code]

       

      jboss-web.xml:

       

      [code]

      <jboss-web>

           <context-root>myapp</context-root>

           <security-domain>mydomain</security-domain>

           <disable-audit>true</disable-audit>

      </jboss-web>

      [/code]

       

      Authentication configuration in web.xml:

       

      [code]

      <login-config>

           <auth-method>FORM</auth-method>

           <form-login-config>

                <form-login-page>/login.jsp</form-login-page>

                <form-error-page>/loginerror.jsp</form-error-page>

           </form-login-config>

      </login-config>

      [/code]

       

      All works fine, but if to login from several different places (computers), session sometimes seems "shared": login/logout in app running in one machine causes login/logout for the application running on another. In other words, two users trying to login using the same credentials, but from different places.

      I was sure such authentication mechanizm works with browser session, isn't it?