2 Replies Latest reply on Jul 12, 2004 2:42 AM by elvis.ciocoiu

    I need SRPPrincipal?

    elvis.ciocoiu Newbie

      The method login() of ClientLoginModule is using SimplePrincipal for the member loginPrincipal. And the commit() method sets this member in the SecurityAssociation. My problem is that if I want to use more than one session for a user. What is the best way of doing that?

      Now I'm using a CustomClientLoginModule that binds the SRPPrincipal instantiated in the SRPLoginModule.commit(). Is this the recomended solution?

      Please excuse my ugly english.
      Thanks.

        • 1. Re: I need SRPPrincipal?
          Scott Stark Master

          If your using SRP you should to be combining the org.jboss.security.srp.jaas.SRPLoginModule and org.jboss.security.ClientLoginModule with password-stacking="useFirstPass" so that the ClientLoginModule simply accepts whatever type of Principal has been set in the sharedState map under the javax.security.auth.login.name key. However, the SRPLoginModule is putting the principal username into the sharedState rather than the SRPPrincipal so your workaround is fine.

          This change has been checked in for 3.2.6+

          • 2. Re: I need SRPPrincipal?
            elvis.ciocoiu Newbie

            Thank you for the answer.

            My workaround is like you sugested but I'm not realy satisfied with it. That's because I can't use the SecurityAssociationActions (the visibility is at package level) and another problem is that the direct use of SecurityAssociation is discouraged by you in your documentation materials as being internal API and passible of changes). So I'm realy waiting for the 3.2.6 version ....

            I love your work. Thank you.