5 Replies Latest reply on Dec 28, 2006 12:48 PM by Ionut S

    my login method is accessed twice

    Ionut S Newbie

      Hi,
      I have the following configuration in my login-config.xml file:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE policy PUBLIC
       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
      <policy>
       <application-policy name="emp-mft">
       <authentication>
       <login-module
       code="org.jboss.security.ClientLoginModule"
       flag="required">
       </login-module>
      
       <login-module
       code="com.xxx.MyCustomLoginModule1"
       flag="sufficient">
       <module-option name="tryFirstPass">true</module-option>
       <module-option name="replacePass">true</module-option>
       </login-module>
      
       <login-module
       code="com.xxx.MyCustomLoginModule2"
       flag="sufficient">
       </login-module>
      
      </authentication>
       </application-policy>
      </policy>
      


      I have 2 problems:
      1) My login/commit methods in MyCustomLoginModule1 and MyCustomLoginModule2 are called twice. Is it supposed to work like that ?
      From what I read about login modules, I think I should get a single login/commit or login/abort - depending on the overall result.

      2) In my current tests MyCustomLoginModule2 does the main work - it is the one that performs the login. As I was saying, I get 2 calls to the login method: one of them is succesfull, the other is not.
      - If I set required for MyCustomLoginModule2, I'm getting a failed overall result because one of the logins fails.(if it would be only one, I woulnd't have this problem).
      - If I set sufficient for it, my calls pass through, no matter if the credentials are valid or not (and that's because ClientLoginModule is always successful, so the overall is successful). For some weird reason, the login that fails doesn't have any importance here..

      Any help would be greatly appreciated !