    Use EJB inside a LoginModule, repeated calls to login()

    Thomas Wölfl Newbie

      We try to access an EJB stateless service inside a custom LoginModule. The problem is that the login() method is called again and again when the EJB stateless service is accessed.

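      import javax.naming.InitialContext;
      import javax.naming.NamingException;
      import javax.security.auth.login.LoginException;
      import org.jboss.security.auth.spi.DatabaseServerLoginModule;

      public class DatabaseServerLoginModuleTm3 extends DatabaseServerLoginModule {
         public boolean login() throws LoginException {
            try {
               boolean successLogin = super.login();
               return successLogin;
            } catch ( LoginException e ) {
               throw e;
            }
         }
         // Records a failed login attempt through the PersonService EJB.
         private void increaseFailedLogins() throws NamingException {
            if ( this.getClaimedUsername() == null ) {
               return;
            }
            PersonServiceLocal personService = lookupContactService();
            Person person = personService.getPersonByUsername( this.getClaimedUsername() );
            personService.increaseFailedLoginsForPerson( person );
         }
         // Looks up the local interface of the stateless PersonService bean.
         private PersonServiceLocal lookupContactService() throws NamingException {
            InitialContext ctx = new InitialContext();
            return (PersonServiceLocal) ctx.lookup( "PersonServiceBean/local" );
         }
      }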

      In jboss.xml we defined the security domain "TM3-security" for all beans:


      In login-config.xml the used login-modules are defined:

      <application-policy name = "TM3-security">
         <authentication>
            <login-module code = "org.jboss.security.auth.spi.RunAsLoginModule" flag = "required">
               <module-option name="roleName">LoginModuleUser</module-option>
            </login-module>
            <login-module code = "com.tm3.erp.core.business.DatabaseServerLoginModuleTm3" flag = "required">
               <module-option name = "unauthenticatedIdentity">guest</module-option>
               <module-option name = "dsJndiName">java:/PostgresDS</module-option>
               <module-option name = "ignorePasswordCase">false</module-option>
               <module-option name = "principalsQuery">xy</module-option>
               <module-option name = "rolesQuery">xy</module-option>
            </login-module>
            <login-module code="org.jboss.security.ClientLoginModule" flag="required">
               <module-option name="multi-threaded">true</module-option>
               <module-option name="restore-login-identity">true</module-option>
            </login-module>
         </authentication>
      </application-policy>

      We tried to move the called EJB (PersonService) to a different Security Domain using the annotations:
      a) @org.jboss.ejb3.annotation.SecurityDomain("java:/jaas/other")
      b) @org.jboss.security.annotation.SecurityDomain ("java:/jaas/other")

      No success. Any ideas? Thank you.