2 Replies Latest reply on Nov 17, 2005 2:49 PM by jason1

    Proper usage of ClientLoginModule's multi-threaded = true?

    jason1 Newbie

      I use this config from MDBs that login in onMessage(), perform secured calls to EJBs, then logout. I set it up to with "multi-threaded"=true to prevent another MDB from logging out a shared JAAS LoginContext. Is this a correct use of this attribute?

      Anyway, a side note I've seen is this that I never get an authentication cache hit?! Every MDB.onMessage() hits my configured LoginModules and never sees the cache. And, yes, I've read Chapt 8... but found nothing to help troubleshoot my problem.

      Thanks


      <!--
       CTMS-server-security-domain
      
       ClientLoginModule tells JBoss to pass security context along
       with the request. This is necessary for server-side in-VM
       services such as MBeans to login and call secured EJBs.
       See org.jboss.security.ClientLoginModule Javadoc for more
       information on configurable module-option(s).
      
       The multi-threaded=true module-option tells JBoss to store the
       login information in a separate ThreadLocal, so there is no
       shared data across multiple threads.
      
       JDBCLoginModule tells JBoss to check against security tables
       for authentication information.
       -->
       <application-policy name="CTMS-server-security-domain">
       <authentication>
       <login-module code="cdot.jboss.JDBCLoginModule" flag="required">
       <module-option name="ds-jndi-name">java:/OracleDS</module-option>
       <module-option name="principals-query">SELECT PASSWORD_TXT FROM SECURITY_USER WHERE TYPE_SECURITY_STATUS_CD = 1 AND USER_NAME_TXT=?</module-option>
       <module-option name="roles-query">SELECT GROUP_NAME_TXT, ROLE_NAME_TXT FROM V_ROLES WHERE USER_NAME_TXT = ?</module-option>
       </login-module>
       <login-module
       code="org.jboss.security.ClientLoginModule"
       flag="required">
       <module-option name="multi-threaded">true</module-option>
       </login-module>
       </authentication>
       </application-policy>