1 Reply Latest reply on Mar 20, 2006 9:04 AM by j2ee_junkie

Question about login module and EJB

kosl Mar 19, 2006 6:23 PM

Dear All,

I was wondering since a long time about custom login modules and whether it is possible somehow to write such a login module which would use EJB. Why ? Just because I'm developing a web application which stores user data in Container managed entity beans and it would be very appropriate for me to operate on those beans not on raw database, furthermore I would like to log every attempt of login into the system even if it's not successful.

My doubts come from the fact that I must define the security/login policy in login-config.xml file and of course before deploying my application this login module using EJB wont be available on the server (since the application will be not deployed).

Is there any way of solving this problem? Thx a lot in advance for any advice.

Karol

1. Re: Question about login module and EJB

j2ee_junkie Mar 20, 2006 9:04 AM (in response to kosl)

karol,

Please see thread http://www.jboss.com/index.html?module=bb&op=viewtopic&t=79268

The problem is like this. You have an EJB that can log users into your realm. This is usefull to handle complex logins that are not handled by simply accessing an database directly. And you also have a custom LoginModule (say login module A) that uses this EJB to perform the login. However, when login module A accesses the secured EJB, it needs to authenticate as well. If your login module A is also the login module used to secure your EJB, then a cycle develops.

If you have another login module B, that is used to secure your EJB, then it must not access your EJB to perform the login.

I have yet to solve this problem, but if I do, I will reply on forum #79268.

cgriffith.
Actions