3 Replies Latest reply on Feb 16, 2012 6:42 PM by Stephen Coy

    Can a custom LoginModule be a stateful ejb?

    Patrick Garner Newbie

      I am using jboss-as-7.1.0.Final-SNAPSHOT and trying to set up custom login module that uses a database.  I followed the instructions in the AS7 documentation to configure a new security domain in standalone.xml and security-domain in jboss-security.xml and security-constraint in web.xml and I set JBoss' logging to TRACE so I can see that my custom login module methods are being invoked (login(), authenticate()).  But injected managed beans and EntityManager references are null.


      Taking a look at https://community.jboss.org/wiki/JBossAS7SecurityDomainModel, which says:


      "Just write the FQCN in the code attribute and it should work out of the box."


      "To place the custom login module class files, you can place them in a jar and put it either:

      • application classpath of your web archive (war) or ejb jar or enterprise archive (ear)  OR
      • separate module under the modules directory."


      Does this mean that my custom login module can be a stateful ejb?  I don't want to use manual transaction demarcation.  I am configuring my login module as stateful ejb and when I deploy, the EntityManager does not appear to be injected; I get NullPointerException.  Any managed beans that I try to inject are also null.


      I took a look at org.jboss.security.auth.spi.DatabaseServerLoginModule (see attached) to see how database access is handled there.  DataSource lookup is via InitialContext e.g.


      InitialContext ctx = new InitialContext();

      DataSource ds = (DataSource) ctx.lookup(dsJndiName);

      conn = ds.getConnection();


      I don't want to write my custom login module this way.  Can I use stateful ejb?