5 Replies Latest reply on Dec 28, 2006 12:48 PM by sionut2

my login method is accessed twice

sionut2 Dec 22, 2006 11:15 AM

Hi,
I have the following configuration in my login-config.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC
 "-//JBoss//DTD JBOSS Security Config 3.0//EN"
 "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
 <application-policy name="emp-mft">
 <authentication>
 <login-module
 code="org.jboss.security.ClientLoginModule"
 flag="required">
 </login-module>

 <login-module
 code="com.xxx.MyCustomLoginModule1"
 flag="sufficient">
 <module-option name="tryFirstPass">true</module-option>
 <module-option name="replacePass">true</module-option>
 </login-module>

 <login-module
 code="com.xxx.MyCustomLoginModule2"
 flag="sufficient">
 </login-module>

</authentication>
 </application-policy>
</policy>

I have 2 problems:
1) My login/commit methods in MyCustomLoginModule1 and MyCustomLoginModule2 are called twice. Is it supposed to work like that ?
From what I read about login modules, I think I should get a single login/commit or login/abort - depending on the overall result.

2) In my current tests MyCustomLoginModule2 does the main work - it is the one that performs the login. As I was saying, I get 2 calls to the login method: one of them is succesfull, the other is not.
- If I set required for MyCustomLoginModule2, I'm getting a failed overall result because one of the logins fails.(if it would be only one, I woulnd't have this problem).
- If I set sufficient for it, my calls pass through, no matter if the credentials are valid or not (and that's because ClientLoginModule is always successful, so the overall is successful). For some weird reason, the login that fails doesn't have any importance here..

Any help would be greatly appreciated !

1. Re: my login method is accessed twice

sionut2 Dec 23, 2006 6:45 AM (in response to sionut2)

Come on, guys.. At least some tips where I should look for it..

I can't believe nobody faced this problem before !
Actions
2. Re: my login method is accessed twice

anil.saldhana Dec 26, 2006 1:29 PM (in response to sionut2)

Is this for your own jaas login or the one done by JBoss?

One call maybe from the jbosssx and the other maybe from your own jaas auth.
Actions
3. Re: my login method is accessed twice

sionut2 Dec 27, 2006 4:27 AM (in response to sionut2)

"anil.saldhana@jboss.com" wrote:
Is this for your own jaas login or the one done by JBoss?

Indeed, this happens for my custom login module (com.xxx.MyCustomLoginModule2).

"anil.saldhana@jboss.com" wrote:

One call maybe from the jbosssx and the other maybe from your own jaas auth.

I'm not sure I understand what you are saying.. I thought it should be only one call to login.. Anyway, do you have any advice on what should I change to get only one call to login ?
Actions
4. Re: my login method is accessed twice

anil.saldhana Dec 28, 2006 11:52 AM (in response to sionut2)

Can you not use a different application policy for your own logincontext.login() than the one specified for your web application?
Actions
5. Re: my login method is accessed twice

sionut2 Dec 28, 2006 12:48 PM (in response to sionut2)

No.. I initialize the LoginContext with the same application policy name as in the sample above (i.e. emp-mft).
Actions

Go to original post