-
1. Re: Chaining of Login Modules fails
nicknewman Oct 10, 2002 4:47 PM (in response to sheckler)I've checked, and JBoss appears to work fine. I did see something that looked very like your problem, but the fault was mine!
Check your login-config carefully to make sure you only have ONE set of tags around TWO <login-module> tags.
If you have accidentally put tags around EACH <login-config>, then JBoss silently ignores all but the first login-config, which would look to you like the problem you have. -
2. Re: Chaining of Login Modules fails
nicknewman Oct 10, 2002 4:54 PM (in response to sheckler)I've checked, and JBoss appears to work fine. I did see something that looked very like your problem, but the fault was mine!
Check your login-config carefully to make sure you only have ONE set of tags around TWO <login-module> tags.
If you have accidentally put tags around EACH <login-config>, then JBoss silently ignores all but the first login-config, which would look to you like the problem you have. -
3. Re: Chaining of Login Modules fails
sheckler Oct 11, 2002 11:37 AM (in response to sheckler)Hi,
thanks for Your answer. I checked Your hint. This is my login-config:
<application-policy name="otherDB_PSI_Auth">
<login-module
code="cmd.security.auth.spi.PSIServerLoginModule" flag="sufficient">
<module-option name="debug">true</module-option>
<module-option name="dsJndiName">java:/OracleAuthenticationDS</module-option>
</login-module>
<login-module
code="cmd.security.auth.spi.PSIServerLSLoginModule" flag="sufficient">
<module-option name="debug">true</module-option>
</login-module>
</application-policy>
So I think it is correct. While authenticating both modules are always asked and if one of them failes, a security exception iis thrown. I tryied many combinations of flags, but they seem to have no influence on the behavior. There must be some other problem. I am using JBoss 3.0.0 and I tryied 3.0.3 with no change.
Stefan Heckler -
4. Re: Chaining of Login Modules fails
linw88 Oct 25, 2002 10:47 PM (in response to sheckler)Not sure if you fixed this problem yet. Jboss3.0.0 has a bug. JBoss3.0.3 fixed it. We have chained lgoin-modules in 3.0.3, they work fine. If you have to stick with 3.0.0, you will have to change LoginModuleControlFlag's toString method to
public String toString()
{
return controlFlag;
} -
5. Re: Chaining of Login Modules fails
sheckler Nov 19, 2002 7:29 AM (in response to sheckler)Thanks for that helpful hint, but I did not really understand, where to override the toString method (I am bound to JBoss 3.0.0).
Stefan (sheckler@psi.de)