8 Replies Latest reply on Jul 13, 2016 10:05 AM by Nitin Shukla

    WildFly 8.2 LdapLoginModule is called repeatedly during navigation

    Nitin Shukla Newbie

      Hello WildFly forum members,


      I recently migrated my web application from JBoss AS 7.1 to WildFly 8.2. My web application is using LdapLoginModule for user authentication. My application has an extended class of LdapLoginModule. The purpose of this extended class is only to resolve the application username to the user principal name against the database and then let LdapLoginModule authenticate the principal name with the LDAP server. This allows the user to keep a different username with the application and yet use the same LDAP account password to log into the application.


      The application is working fine after migrating it from JBoss AS 7.1 to WildFly 8.2; however, from the application logs I can see that this login module is repeatedly called when the user navigates in the application (after successful authentication) from one page to another. Note that the user isn't prompted to authenticate again during navigation. This was not happening when the application was running with JBoss AS 7.1.


      Here is the login config in web.xml




      Here is the security domain configuration in jboss-web.xml




      Here is my standalone configuration for security domain

      <security-domain name="pricing">
              <login-module code="com.mycompany.xx.util.auth.PrincipalMappingLdapLoginModule" flag="requisite">
                  <module-option name="password-stacking" value="useFirstPass"/>
                  <module-option name="allowEmptyPasswords" value="false"/>
                  <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/pricing.SQLServerDS"/>
                  <module-option name="mappingSql" value="SELECT UserPrincipalName FROM APP.PricingUser WHERE PricingUserName=?"/>
                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                  <module-option name="java.naming.provider.url" value="ldap://eixrodc01.somerac.net:3244/ ldap://eixrodc02.somerac.net:2268/"/>
                  <module-option name="throwValidateError" value="true"/>
              </login-module>
              <login-module code="DatabaseUsers" flag="requisite">
                  <module-option name="password-stacking" value="useFirstPass"/>
                  <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/pricing.SQLServerDS"/>
                  <module-option name="rolesQuery" value="SELECT UserRole.RoleName, 'Roles' FROM APP.UserRole, APP.PricingUser, APP.PricingUserRole WHERE APP.PricingUser.PricingUserName=? AND APP.PricingUser.PricingUserId=APP.PricingUserRole.PricingUserId AND APP.PricingUserRole.UserRoleId=APP.UserRole.UserRoleId AND APP.PricingUser.isActive=1"/>
              </login-module>
              <login-module code="com.mycompany.xxx.util.auth.DatabaseAuditLoginModule" flag="required">
                  <module-option name="password-stacking" value="useFirstPass"/>
                  <module-option name="dsJndiName" value="java:jboss/datasources/jdbc/pricing.SQLServerDS"/>
                  <module-option name="updateSql" value="UPDATE APP.PricingUser SET LastLoginDate = GETDATE() WHERE PricingUserName = ? and isActive = 1"/>
              </login-module>
      </security-domain>


      These configurations have not changed during the migration from JBoss 7.1 to WildFly 8.2, so I am unable to find the reason why the login module is repeatedly called when the application is running in the WildFly server.


      Any pointers/help to resolve this issue is appreciated.