I have a custom auth module that I have written to extend the UsernamePasswordLoginModule:
public class SASAuth extends UsernamePasswordLoginModule
My login-config.xml looks like this:
<application-policy name="portal"> <authentication> <login-module code="com.workscape.auth.modules.sas.SASAuth" flag="required"> <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option> <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option> <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option> <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option> <module-option name="additionalRole">Authenticated</module-option> <module-option name="password-stacking">useFirstPass</module-option> </login-module> </authentication> </application-policy>
I have numerous logging statements throughout each function in my auth module.
My Auth Module works just find exception under one specific circumstance.
When "UserA" logs into the portal from "BrowserA" my auth module is successful and dumps every single logging entry from my auth module. If "UserA" logs into the portal from "BrowserB" (before the previous login has been logged out) the user is logged in successfully, but there is not one single logging entry made. It does not init, doesn't execute login() or validatePassword() but logs the user in nonetheless. Entering invalid credentials fails, as one would expect, but it still never logs a single entry nor fires any of the methods within the auth module.
It should be noted that "BrowserA"/"BrowserB" is meant to be read generically, it does not matter whether you are using IE/FF etc.
JBoss Portal Server 2.6.3GA Bundled With App Server
Out of the Box Datastore
Java SDK 1.6.0_02
I can post my full code if needed, but I am hoping that the description of the problem is enough to trip something in someone's mind. Furthermore, I am hoping that there is a simple configuration change to add to login-config.xml, but I won't hold my breath :)