1 2 Previous Next 26 Replies Latest reply on Aug 7, 2013 11:05 AM by massassa

    Custom login module is never called

    massassa Newbie

      Hi,

       

      I'm trying to migrate an application from JBoss 6.0.0 to JBoss 7.1.0. Unfortunatly I'm encoutering one problem after the other. The latest is that my custom login module is never called.

      It's a 3-tier application with a RCP-Client that uses EJB remote procedure calls. I did all the configuration of the security domain and added the my custom login module as described in the documentation. But I don't see that it is called nor can I see an error message indicating that there's something wront with my login module. I stripped down this problem to a very simple example which uses a login module that extends UsersRolesLoginModule and just adds some loging to it. The login module is inside my applications ear file.

       

      Here's my security configuration in the standalone.xml

       

      <security-realm name="MyRealm">

        <authentication>

            <jaas name="MySecurityDomain"/>

        </authentication>

      </security-realm>

       

      ...

       

      <security-realm name="MyRealm">

        <authentication>

           <jaas name="MySecurityDomain"/>

        </authentication>

      </security-realm>

       

      ...

       

      <security-domain name="MySecurityDomain" cache-type="default">

        <authentication>

          <login-module code="Remoting" flag="optional">

            <module-option name="password-stacking" value="useFirstPass"/>

          </login-module>

          <login-module code="org.jboss7app.ejb.MyLoginModule" flag="required">

            <module-option name="usersProperties" value="${jboss.server.config.dir}/my-users.properties"/>

            <module-option name="rolesProperties" value="${jboss.server.config.dir}/my-roles.properties"/>

            <module-option name="password-stacking" value="useFirstPass"/>

          </login-module>

        </authentication>

      </security-domain>

       

       

      Login module looks like this:

       

      public class MyLoginModule extends UsersRolesLoginModule

      {

          private Log LOG = LogFactory.getLog(MyLoginModule.class);

       

       

          @Override

          public void initialize(Subject arg0, CallbackHandler arg1, Map<String, ?> arg2, Map<String, ?> arg3)

          {

              LOG.info("Initializing");

              super.initialize(arg0, arg1, arg2, arg3);

          }

       

       

          @Override

          public boolean login() throws LoginException

          {

              LOG.info("Calling Login");

              return super.login();

          }

      }

       

      Your help is highly appreciated.

        1 2 Previous Next