1 Reply Latest reply on Mar 27, 2002 3:30 PM by Luke Taylor

    When does the Container call LoginModule?

    Ryan Lentell Newbie

      I have a simple question, I have been unable to answer looking at the jboss documents and j2ee specifications. I am sure it is there, but I can't find it.

      When does the container call the server side LoginModule?

      I have simple test application, that makes its first call to the server without performing a jaas login on the client. The container calls my custom login module and I assign a default role to the user. I then perform a jaas login on the client and attempt to call another bean that is protected under a different role. I would expect the server to call my custom login module again, because new principals have been assigned. However, it does not and an Insufficent Method Permissions exception is thrown.

      Could anyone point me to the rules the container uses for calling the login module?

      Thanks for any help!

      Ryan

        • 1. Re: When does the Container call LoginModule?
          Luke Taylor Novice

          > When does the container call the server side LoginModule?

          The simple answer :) is that it is called when the security interceptor checks the validity of the supplied credentials in the method invocation. It calls

          isValid() on the security manager (JAASSecurityManager)
          which creates a login context and calls login on it.

          Thereafter it's up to JAAS to invoke your configured login modules. So if you have done a client login using the ClientLoginModule this will change the principal as you say. If there is no cached information for this principal then you should see another call on your login module.

          Luke.