4 Replies Latest reply on Sep 16, 2001 3:40 PM by Daniel Schaller

    login problem

    Daniel Schaller Newbie


      I have set up my EJBs with securtiy. As a server-side-login module, I am using the DatabaseServerLoginModule. At client side, I am using the default one: ClientLoginModule.
      Well, when I create a LoginContext and I call the login method everything seems going ok, but a look in the server.log of JBoss you can see, that the login was not executed yet on server side. Only if you try to call one method of one of the EJBs home interfaces, such as the create() method, on the server side the login is exectued in real.

      Does anybody know, whats going wrong there? Which options have to be set that the login is exectued on server side when the client calls login on the LoginContext?!
      What does the option "password-stacking=useFirstPass" stand for???

      Thank you a lot

      Daniel Schaller

        • 1. Re: login problem
          William Kaufman Newbie

          Nothing is wrong - that's the behavior. If you want the client-side login to "immediately" propagate to the server, you can always call a secured remote method ( a noop that really does nothing but provide a hook from which to kick off security checks) from within the client-side LoginModule's login method.

          As for useFirstPass(word), check out the code in AbstractServerLoginModule. It allows for the use of a shared password:
          @option password-stacking: if true, the login identity will be taken from the
          javax.security.auth.login.name value of the sharedState map, and
          the proof of identity from the javax.security.auth.login.password
          value of the sharedState map.

          • 2. Re: login problem
            William Kaufman Newbie

            You should probably call the noop from within the commit() method (not login()) of the LoginModule, to ensure that the Principals and Credentials have already been collected.

            • 3. still a login problem
              Daniel Schaller Newbie


              first, thank you for your answer. Well I have just tried out to make a lookup and to call the create() method to a session bean within the commit() method of the ClientLoginModule. But I get a java.net.NoRouteToHostException. But I can connect my server! Are there are some properties for the LoginContext which enable or disable net-connections within the methods of ClientLoginModules!?!

              thanks a lot

              Daniel Schaller

              • 4. Re: login problem
                Daniel Schaller Newbie


                the problem with the NoRouteToHostException has been fixed.