5 Replies Latest reply on Mar 7, 2008 11:11 AM by Magnus Sandberg

    JAAS authentication always succeeds

    Magnus Sandberg Novice

      I'm trying to make Seam authenticate using my own realm.


      I have set up the Realm in login-config.xml and mapped the Realm in Seam with:


      <security:identity
        authenticate-method="#{authenticator.authenticate}" 
        jaas-config-name="MyRealm"/>



      so far so good.


      When logging in with a correct username and password I am authenticated as expected as well as when issuing a bad username and password I am not.


      But when issuing any username and an empty password I am always beeing authenticated.


      Also a bit wierd is that as soon as some identity is accepted furher logins using Seam will always succeed (maybe just in the same session), no check is done against the JAAS Realm; as far as I can see with full debug trace on.


      In the debugger I can see that only the expected Realm is used in the login process but it just ends with a success more often than I would like it to.


      I could really use som guidance ...