[ http://issues.apache.org/jira/browse/GERONIMO-2294?page=all ]
Vamsavardhana Reddy updated GERONIMO-2294: ------------------------------------------ Attachment: GERONIMO-2294-2.patch GERONIMO-2294-2.patch: Introduces a performAbort() method JaasLoginServiceMBean. with this change, the abort() method is also invoked twice (like login() and commit() methods) once during the "fake" round and a second time after login() when the overall authentication is failure. Both the patches need to be applied. I have verified that these two patches address the other two dependent issues GERONIMO-2266 and GERONIMO-2267. The patches seems ok to me. I would suggest others to do a little bit of more testing to make sure that these patches do not introduce new problems. > In security realm with multiple login modules, anything after the first is > ignored > ---------------------------------------------------------------------------------- > > Key: GERONIMO-2294 > URL: http://issues.apache.org/jira/browse/GERONIMO-2294 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 1.1 > Reporter: Aaron Mulder > Assigned To: Vamsavardhana Reddy > Priority: Blocker > Fix For: 1.1.1 > > Attachments: GERONIMO-2294-2.patch, GERONIMO-2294.patch, > security-test-webapp.war, test-realm.xml > > > If you deploy the attached plan to create a security realm the same as the > default except with a second login module, and put breakpoints in the login() > method of both login modules, the first login module is called twice as > expected (once to gather callbacks and again for real) but the second login > module is never called at all! > The attached web app uses this realm, just deploy it at point to > http://localhost:8080/security/index.html to get the login, and put > breakpoints in > org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule and > org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira