2 Replies Latest reply on Apr 25, 2004 10:04 AM by Scott Stark

    LoginModules thread safe?

    Tom Crosman Newbie

      I'm creating a login module that validate against NOVELL LDAP.

      In order to validate I need to create a connection to the LDAP Server.
      For performance reasons (new connection overhead is high) I'd like to
      get the user's role/groups when they pass authentication.

      Since the call to getRoleSets() happens a some point in time after validatePassword() I'm wondering if the cached role sets could be over written (a race condition).

      Or, is a new LoginModule instance created for each user login.

      Thanks.

        • 1. Re: LoginModules thread safe?
          Steve Lewis Expert

          The LoginModule RoleSets correspond to one user. So there's not a race condition.

          I'm currently using Novell LDAP libs with a custom LoginModule, that extends the LdapLoginModule.

          Let me know if you have any issues. Our LDAP schema is custom, so it may not be exactly what you use, but the technical issues should be pretty similar.

          • 2. Re: LoginModules thread safe?
            Scott Stark Master

            A new LoginModule is created for each login when authentication is required. The roles for the user are obtained from the resulting subject outside of the authentication call and does not use the getRoleSets as this was used to populate the Subject. Read the JAAS howto for more info on how the login modules are used.