[jira] Updated: (GERONIMO-2294) In security realm with multiple login modules, anything after the first is ignored

Fri, 18 Aug 2006 19:06:20 -0700 

     [ http://issues.apache.org/jira/browse/GERONIMO-2294?page=all ]

Vamsavardhana Reddy updated GERONIMO-2294:
------------------------------------------

    Attachment: GERONIMO-2294-2.patch

GERONIMO-2294-2.patch:  Introduces a performAbort() method 
JaasLoginServiceMBean.  with this change, the abort() method is also invoked 
twice (like login() and commit() methods) once during the "fake" round and a 
second time after login() when  the overall authentication is failure.

Both the patches need to be applied.

I have verified that these two patches address  the other two dependent issues 
GERONIMO-2266 and GERONIMO-2267.  The patches seems ok to me.  I would suggest 
others to do a little bit of more testing to make sure that these patches do 
not introduce new problems.

> In security realm with multiple login modules, anything after the first is 
> ignored
> ----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-2294
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2294
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1
>            Reporter: Aaron Mulder
>         Assigned To: Vamsavardhana Reddy
>            Priority: Blocker
>             Fix For: 1.1.1
>
>         Attachments: GERONIMO-2294-2.patch, GERONIMO-2294.patch, 
> security-test-webapp.war, test-realm.xml
>
>
> If you deploy the attached plan to create a security realm the same as the 
> default except with a second login module, and put breakpoints in the login() 
> method of both login modules, the first login module is called twice as 
> expected (once to gather callbacks and again for real) but the second login 
> module is never called at all!
> The attached web app uses this realm, just deploy it at point to 
> http://localhost:8080/security/index.html to get the login, and put 
> breakpoints in 
> org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule and 
> org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to