1 Reply Latest reply on Dec 11, 2009 2:15 AM by David Hosier

    Use EJB inside a LoginModule, repeated calls to login()

    Thomas Wölfl Newbie

      We try to access a EJB stateless service inside a custom LoginModule. The problem is that the login() method is called again and again when the the EJB stateless service is accessed.

      public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule
      {
       @Override
       public boolean login() throws LoginException
       {
       try {
       boolean successLogin = super.login();
       return successLogin;
       }
       catch ( LoginException e ) {
       increaseFailedLogins();
       throw e;
       }
       }
      
       private void increaseFailedLogins()
       {
       if ( this.getClaimedUsername() == null ) {
       return;
       }
       InitialContext ctx = new InitialContext();
       return (PersonServiceLocal) ctx.lookup( "PersonServiceBean/local" );
      
       PersonServiceLocal personService = lookupContactService();
       Person person = personService.getPersonByUsername( this.getClaimedUsername() );
      
       personService.increaseFailedLoginsForPerson( person );
       }
      }
      


      In jboss.xml we defined the security domain "TM3-security" for all beans:

      <jboss>
       <security-domain>java:/jaas/TM3-security</security-domain>
       <unauthenticated-principal>guest</unauthenticated-principal>
      </jboss>
      



      In login-config.xml the used login-modules are defined:

      <application-policy name = "TM3-security">
       <authentication>
       <login-module code = "org.jboss.security.auth.spi.RunAsLoginModule" flag = "required">
       <module-option name="roleName">LoginModuleUser</module-option>
       </login-module>
      
       <login-module code = "com.tm3.erp.core.business.DatabaseServerLoginModuleTm3" flag = "required">
       <module-option name = "unauthenticatedIdentity">guest</module-option>
       <module-option name = "dsJndiName">java:/PostgresDS</module-option>
       <module-option name = "ignorePasswordCase">false</module-option>
       <module-option name = "principalsQuery">xy</module-option>
       <module-option name = "rolesQuery">xy</module-option>
       </login-module>
      
       <login-module code="org.jboss.security.ClientLoginModule" flag="required">
       <module-option name="multi-threaded">true</module-option>
       <module-option name="restore-login-identity">true</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      We tried to moved the called EJB (PersonService) to a different Security Domain using the annotions:
      a) @org.jboss.ejb3.annotation.SecurityDomain("java:/jaas/other")
      b) @org.jboss.security.annotation.SecurityDomain ("java:/jaas/other")

      No success. Any ideas? Thank you.