3 Replies Latest reply on Nov 14, 2013 10:48 AM by henrikdeluxe

    Using a fallback login module

    mylos78

      Hi all!

      I'm using a database login module in my JBoss AS 7.2 application to check the user's authorization. Since the user database is not available in some circumstances, I'd like to add as a fallback the simpler RealmDirect login module, which checks on file for authentication. Is it possible to achieve this? Looking at the docs, I'm just guessing:

       

      <login-module code="Database" flag="required">
      . . .
      </login-module>
      <login-module code="RealmDirect" flag="sufficient">
      . . . .
      </login-module>

      Is the required/sufficient combination I am using correct?

      Thanks

      Mylos

        • 1. Re: Using a fallback login module
          henrikdeluxe

          I don't know if I understood correctly, but I think you have to set "sufficient" for both login-modules.

          If the first one succeeds, the second won't be invoked.

          If the first one fails, the second module will be invoked.

          If the second fails, login is denied.

          • 2. Re: Using a fallback login module
            mylos78

            Thanks for your reply. Yes, what you say makes sense; however, from the security subsystem XSD I can read that with Required:

            "Required - The LoginModule is required to succeed. If it succeeds or fails, authentication still continues to proceed down the LoginModule list."

            So I'm not sure what is the best option for my case, Required or Sufficient.

             

            >I don't know if I understood correctly, but I think you have to set "sufficient" for both login-modules

            My need is that if the database is unavailable, the authentication will be checked on the filesystem using the RealmDirect, but just as second option.

            Thanks

            Mylos


            • 3. Re: Using a fallback login module
              henrikdeluxe

              I think if you choose "sufficient" for both login-modules, it will work as you need,

              but you may get ugly exceptions while the database-login-module crashes because the database isn't available.

              As a second step you may write your own database-loginmodule that inherits from the JBoss databaseLoginModule and prechecks the availability of the database.

              If the database is not available, you could silently return false in the login() method and log custom messages.
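
The two configurations discussed in this thread, run through a small model of the standard JAAS control-flag rules. This is an added example, not part of the original posts and not JBoss code; the `authenticate` function and the per-module results are constructed for illustration.

```python
# Model of JAAS control-flag evaluation (added example, not JBoss/PicketBox code).
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "required", "requisite", "sufficient", "optional")

# The stack from the question and the one suggested in the replies.
ORIGINAL = [("Database", REQUIRED), ("RealmDirect", SUFFICIENT)]
BOTH_SUFFICIENT = [("Database", SUFFICIENT), ("RealmDirect", SUFFICIENT)]


def authenticate(stack, results):
    """Evaluate a login-module stack.

    stack:   list of (module_name, flag) in configuration order.
    results: {module_name: bool}; False covers both rejected credentials
             and an unreachable backend (the stack cannot tell them apart).
    Returns (login_succeeded, modules_invoked).
    """
    invoked = []
    mandatory_failed = False  # a required/requisite module has failed
    any_success = False       # at least one module succeeded
    has_mandatory = any(f in (REQUIRED, REQUISITE) for _, f in stack)

    for name, flag in stack:
        invoked.append(name)
        ok = results[name]
        any_success = any_success or ok
        if flag in (REQUIRED, REQUISITE) and not ok:
            mandatory_failed = True
            if flag == REQUISITE:
                break  # requisite failure stops the stack immediately
        elif flag == SUFFICIENT and ok and not mandatory_failed:
            break      # sufficient success stops the stack immediately

    # With required/requisite modules present, all invoked ones must succeed;
    # otherwise at least one sufficient/optional module must succeed.
    success = (not mandatory_failed) if has_mandatory else any_success
    return success, invoked


if __name__ == "__main__":
    db_fails_file_ok = {"Database": False, "RealmDirect": True}  # constructed
    db_ok = {"Database": True, "RealmDirect": False}             # constructed
    for label, stack in (("required+sufficient", ORIGINAL),
                         ("sufficient+sufficient", BOTH_SUFFICIENT)):
        print(label, "db fails:", authenticate(stack, db_fails_file_ok))
        print(label, "db ok:   ", authenticate(stack, db_ok))
```

Because the stack sees a database outage and a password rejected by the database as the same failure, the sufficient/sufficient configuration accepts the file-based credentials at all times, not only while the database is down.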