1 Reply Latest reply on Oct 7, 2002 6:27 AM by Stefan Heckler

    problems with multiple login modules

    Dag Naess Newbie


      Hi all.
      I have problems combining 2 login modules. First I wrote 2 custom login
      modules which individually work fine. But when I combine them like this:

      <application-policy name = "connectClientDomain">
      <authentication>
      <login-module code = "no.boostcom.security.MedlemsregisterLoginModule"
      flag = "sufficient">
      <module-option name "unauthenticatedIdentity">anybody</module-option>
      </login-module>

      <login-module code = "no.boostcom.security.AdminLoginModule"
      flag = "required">
      <module-option name = "unauthenticatedIdentity">anybody</module-option>
      </login-module>
      </authentication>
      </application-policy>

      They suddenly do not work. Which I found very strange. I tried sevral
      combinations of login-module flags like (optional, optional), (sufficient,
      required), (sufficient, optional), (sufficient, sufficient) and so on without
      any visible effect. Next I tried switching login modules from my custom login
      modules to trivial UsersRolesLoginModules, which also work fine individually
      but combined they still fail if one of them fails no matter how you set the
      flags. I've also tried switching VM from sun's 1.4.0 to IBM1.3 but the result
      is still the same:

      2002-07-10 15:25:31,875 DEBUG [org.jboss.ha.jndi.HAJNDI] lookupLocally
      2002-07-10 15:25:32,333 DEBUG
      [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for
      username=daniel
      2002-07-10 15:25:32,388 DEBUG
      [org.jboss.security.plugins.JaasSecurityManager.connectClientDomain] Login
      failure
      javax.security.auth.login.FailedLoginException: Password Incorrect/Password
      Required
      at
      org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:146)
      at
      org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:119)
      at java.lang.reflect.Method.invoke(Native Method)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:664)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
      at
      org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:381)
      at
      org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:347)
      at
      org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
      at
      org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:165)
      at
      org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:93)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:109)
      at
      org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
      at org.jboss.ejb.Container.invoke(Container.java:726)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:362)
      at java.lang.reflect.Method.invoke(Native Method)
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:242)
      at sun.rmi.transport.Transport$1.run(Transport.java:155)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:152)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:462)
      at
      sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:662)
      at java.lang.Thread.run(Thread.java:498)
      2002-07-10 15:25:33,009 ERROR [org.jboss.ejb.plugins.SecurityInterceptor]
      Authentication exception, principal=daniel
      2002-07-10 15:25:50,342 DEBUG
      [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Resized cache for
      bean PossibleAttribute: old capacity = 1000000, new capacity = 50


      After this I tend to suspect there might be a bug lurking in the shadows of
      JBossSX. Can somebody please confirm this, or give me some clue about what I
      might do wrong.

      thanx...
      -DAG-

        • 1. Re: problems with multiple login modules
          Stefan Heckler Novice

          Hi,
          I got the same problem. I wan to combine 2 Login modules with attribute "sufficient", so if the first fails to authentificate (no oracle connect possible), the second module should authentificate. But nevertheless if the first failes and the second succeeds, I get always an authentification exception. Each alone work fine.

          Did You solve the problem meanwhile?

          Thanks for Your answer
          Stefan Heckler