This content has been marked as final.
Show 2 replies
-
1. Re: receiving both my custom callback handler AND SecurityAs
sionut2 Mar 29, 2007 6:37 AM (in response to sionut2)Probably I need to give you some more details.. I need this second login module to authenticate my ws calls. The login from the web site works very well, but if I add my login module to the existing configuration the login modules are called twice, as I told you in my previous message.
I just realized that, if I add a new<?xml version='1.0'?> <!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN" "http://www.jboss.org/j2ee/dtd/security_config.dtd"> <policy> <application-policy name = "policy1"> <authentication> <login-module code="org.jboss.security.ClientLoginModule" flag="required"> </login-module> <login-module code = "my.first.login.module" flag = "required"> </login-module> </authentication> </application-policy> <application-policy name = "policy2"> <authentication> <login-module code="my.second.login.module" flag="required"> </login-module> </authentication> </application-policy> </policy>
section in my emp-login-config.xml and include there my login module, it gets called only once. So I found the cause of the problem, but I can't explain why it happens like this.
I have nothing against using another security domain for my WS authentication, but the problem is my EJBs are declared with @SecurityDomain("policy1"); as a consequence, when the WS calls my EJB I'm getting an exception (obvious, I know)
Anybody ? Any idea ? -
2. Re: receiving both my custom callback handler AND SecurityAs
sionut2 Mar 29, 2007 8:49 AM (in response to sionut2)When I declare my.first.login.module as "sufficient" I am able to access the EJBs, although they are declared with
@SecurityDomain("policy1")
and I log on using the following code:LoginContext lc = new LoginContext("policy2", cbHandler); lc.login();
When I'm debugging with Eclipse, it seems my.first.login.module is still touched, although it shouldn't (it's in policy1, not policy2)
Any ideas why ?