0 Replies Latest reply on Jan 1, 2007 12:34 PM by steve++

    JAAS: LoginModule questions

    steve++

      I'm writing a custom LoginModule, which raises a few questions:

      1. Is it possible to package a custom LoginModule implementation on a per-application basis, or does it only work server-wide?

      2. Assuming a server-wide LoginModule, is it possible to have a separate login-congig.xml per application? If so, what is its relationship to the server-wide login-config.xml (i.e. which one overrides that other one in the event of conflicts)?

      3. Does a LoginModule implementation automatically have the necessary security clearance to use any restricted session beans (i.e. beans annotated with @RolesAllowed) and/or session bean methods? I ask this because I want my LoginModule implementation to use a stateless session bean to access login data.