Hi,

I'm trying to use an EJB to verify login/password matching, but the loginmodule.abord method is called every time I'm trying to access to the remote interface...
It throws no exception, but the method login method is stopped !

Is there any conflict between EJB security and web container security ?

My LoginModule :

public class PimLoginModule extends UsernamePasswordLoginModule {

 public MyLoginModule() {

 }

 @Override
 public boolean abort() throws LoginException {
 System.out.println("Abort login");
 return super.abort();
 }

 @Override
 public boolean logout() throws LoginException {
 System.out.println("Logout...");

 return super.logout();
 }

 @Override
 protected String getUsersPassword() throws LoginException {
 System.out.println("username : " + getUsername());
 try {
 UserHome home = UserUtil.getHome();

 User user = home.findUserByUserName(getUsername());
 return user.getPassword();
 } catch (Exception e) {
 e.printStackTrace();
 throw new LoginException("Impossible to authenticate user ");
 }
 }

 @Override
 protected Group[] getRoleSets() throws LoginException {
...
...
 }

 @Override
 protected boolean validatePassword(String inputPassword,
 String expectedPassword) {
 System.out.println("inputPassword : [" + inputPassword
 + "] expectedPassword : [" + expectedPassword + "]");
 return expectedPassword.equals(inputPassword);
 }

}