Hi,
I'm trying to use an EJB to verify login/password matching, but the loginmodule.abord method is called every time I'm trying to access to the remote interface...
It throws no exception, but the method login method is stopped !
Is there any conflict between EJB security and web container security ?
My LoginModule :
public class PimLoginModule extends UsernamePasswordLoginModule { public MyLoginModule() { } @Override public boolean abort() throws LoginException { System.out.println("Abort login"); return super.abort(); } @Override public boolean logout() throws LoginException { System.out.println("Logout..."); return super.logout(); } @Override protected String getUsersPassword() throws LoginException { System.out.println("username : " + getUsername()); try { UserHome home = UserUtil.getHome(); User user = home.findUserByUserName(getUsername()); return user.getPassword(); } catch (Exception e) { e.printStackTrace(); throw new LoginException("Impossible to authenticate user "); } } @Override protected Group[] getRoleSets() throws LoginException { ... ... } @Override protected boolean validatePassword(String inputPassword, String expectedPassword) { System.out.println("inputPassword : [" + inputPassword + "] expectedPassword : [" + expectedPassword + "]"); return expectedPassword.equals(inputPassword); } }