3 Replies Latest reply on Nov 14, 2013 10:48 AM by Henrik Hoffmann

    Using a fallback login module

    Mylos Kathos Master

      Hi all !

      I'm using a database login module in my JBoss AS 7.2 application to check user's authorization. Since the user's database is not available in some circumstances, I'd like to add as fall back the simpler RealmDirect login module which checks on file for authentication. Is it possible to achieve it ? Looking at the docs, I'm just guessing:

       

      <login-module code="Database" flag="required">

      . . .

      </login-module>

      <login-module code="RealmDirect" flag="sufficient">

      . . . .                        

      </login-module>

      Is it correct the required/sufficient combination I am using ?

      Thanks

      Mylos

        • 1. Re: Using a fallback login module
          Henrik Hoffmann Newbie

          I don't know if i understood corectly, but i think you have to set "sufficient" for both login-modules

           

          If the first one succeed the second won't be invoke

          If the first one fails the second module will be invoked

          if second fails login is denied

          • 2. Re: Using a fallback login module
            Mylos Kathos Master

            Thanks for your reply, yes what you say makes sense however from the security subsystem XSD I can read that with Required:

            "Required - The LoginModule is required to succeed. If it succeeds or fails, authentication still continues to proceed down the LoginModule list."

            So I'm not sure what is the best option for my case, Required or Sufficient.

             

            >I don't know if i understood corectly, but i think you have to set "sufficient" for both login-modules

            My need is that if the database is unavailable, the authentication will be checked on the filesystem using the RealmDirect, but just as second option.

            Thanks

            Mylos


            • 3. Re: Using a fallback login module
              Henrik Hoffmann Newbie

              i think if you choose "sufficient" for both login-modules, it will work as you need,

              but you may get ugly exceptions while database-login-module crashes cause database isn't available

               

               

              as second step you may write an own database-loginmodule that inherit from jboss databaseLoginModule and precheck availabilty of database

              if database is not available you could silently return false in login() method and log custom messages