4 Replies Latest reply on Oct 19, 2011 8:33 PM by Brian Richardson

    Strange behaviour from SecurityClient

    Brian Richardson Newbie

      I am having some trouble with SecurityClient in my EJB client application. While it is possible to authenticate against the server, a LoginException is not thrown when invalid credentials are provided. The auth.conf I am using looks like:


      mine {
           org.jboss.security.ClientLoginModule required;
      };


      The call to SecurityClient is as follows:


      SecurityClient sec = SecurityClientFactory.getSecurityClient();
      sec.setJAAS("mine", new JAASCallbackHandler(email, password));
      try {
           sec.login();
      } catch (LoginException e) {
           // expected on invalid credentials
      }


      Luckily, this is a secured EJB and I can catch the EJBAccessException to note that the login failed. However, this is not the desired (or documented) behavior. Replacing the SecurityClient with a LoginContext and debugging shows that:


      1) loginSucceeded = true

      2) success = false


      Reading the source code, it doesn't seem to be possible to get into this state without throwing a LoginException. Does anyone have any ideas on how my EJB client can determine that the authentication at the server has failed?