0 Replies Latest reply on May 18, 2007 5:15 AM by Phil Shrimpton

    Should RunAsLoginModule remove the principal?

    Phil Shrimpton Newbie


      I am sucessfully using RunAsLoginModule so my custom LoginModule can access secured EJBs.

      The problem I am having is that in the case of incorrect username/password the RunAsLoginModule is not removing the principal it is creating so the 'Forms Based Authentication' thinks the login has worked, but the Principal has no roles so I get a 403 error rather than being sent to the loginError.jsp. The principal name is the incorrectly entered one.

      Is this how it is expected to work?

      Many Thanks