0 Replies Latest reply on Feb 28, 2007 11:42 AM by Jaber C. Mourad

    Using EJB in LoginModule

    Jaber C. Mourad Novice

      Hi,

      I'm trying to use an EJB to verify login/password matching, but the loginmodule.abord method is called every time I'm trying to access to the remote interface...
      It throws no exception, but the method login method is stopped !

      Is there any conflict between EJB security and web container security ?

      My LoginModule :

      public class PimLoginModule extends UsernamePasswordLoginModule {
      
       public MyLoginModule() {
      
       }
      
       @Override
       public boolean abort() throws LoginException {
       System.out.println("Abort login");
       return super.abort();
       }
      
       @Override
       public boolean logout() throws LoginException {
       System.out.println("Logout...");
      
       return super.logout();
       }
      
       @Override
       protected String getUsersPassword() throws LoginException {
       System.out.println("username : " + getUsername());
       try {
       UserHome home = UserUtil.getHome();
      
       User user = home.findUserByUserName(getUsername());
       return user.getPassword();
       } catch (Exception e) {
       e.printStackTrace();
       throw new LoginException("Impossible to authenticate user ");
       }
       }
      
       @Override
       protected Group[] getRoleSets() throws LoginException {
      ...
      ...
       }
      
       @Override
       protected boolean validatePassword(String inputPassword,
       String expectedPassword) {
       System.out.println("inputPassword : [" + inputPassword
       + "] expectedPassword : [" + expectedPassword + "]");
       return expectedPassword.equals(inputPassword);
       }
      
      }
      


      Many thanks if you have any useful idea !