Hi,
I am sucessfully using RunAsLoginModule so my custom LoginModule can access secured EJBs.
The problem I am having is that in the case of incorrect username/password the RunAsLoginModule is not removing the principal it is creating so the 'Forms Based Authentication' thinks the login has worked, but the Principal has no roles so I get a 403 error rather than being sent to the loginError.jsp. The principal name is the incorrectly entered one.
Is this how it is expected to work?
Many Thanks