| I'll try to look at this in the next couple days. I have to spend some time on a plane and will have somewhat limited internet access so if someone such as alan wants to take a look that would be fine.
I think we need Matts approval to put it in 1.1.1
thanks david jencks On Aug 21, 2006, at 6:16 PM, Vamsavardhana Reddy wrote: Hello,
GERONIMO-2294 In security realm with multiple login modules, anything after the first is ignored is categorized as a blocker. It is more than 2 days since I have submitted patches for this issue. But, I do not see any activity on this JIRA. I wonder if this JIRA is that important. Can some committer take a look at the patches and see if they are acceptable? Or is there something specific I need to do to get someone's attention to this JIRA?
Thanks,
Vamsi
---------- Forwarded message ----------
From: Vamsavardhana Reddy (JIRA) <dev@geronimo.apache.org>
Date: Aug 19, 2006 7:33 AM
Subject: [jira] Updated: (GERONIMO-2294) In security realm with multiple login modules, anything after the first is ignored
To: [EMAIL PROTECTED]
[ http://issues.apache.org/jira/browse/GERONIMO-2294?page=all ]
Vamsavardhana Reddy updated GERONIMO-2294:
------------------------------------------
Attachment: GERONIMO-2294-2.patch
GERONIMO-2294-2.patch: Introduces a performAbort() method JaasLoginServiceMBean. with this change, the abort() method is also invoked twice (like login() and commit() methods) once during the "fake" round and a second time after login() when the overall authentication is failure.
Both the patches need to be applied.
I have verified that these two patches address the other two dependent issues GERONIMO-2266 and GERONIMO-2267. The patches seems ok to me. I would suggest others to do a little bit of more testing to make sure that these patches do not introduce new problems.
> In security realm with multiple login modules, anything after the first is ignored
> ----------------------------------------------------------------------------------
>
> Key: GERONIMO-2294
> URL: http://issues.apache.org/jira/browse/GERONIMO-2294
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Assigned To: Vamsavardhana Reddy
> Priority: Blocker
> Fix For: 1.1.1
>
> Attachments: GERONIMO-2294-2.patch, GERONIMO-2294.patch, security-test-webapp.war, test-realm.xml
>
>
> If you deploy the attached plan to create a security realm the same as the default except with a second login module, and put breakpoints in the login() method of both login modules, the first login module is called twice as expected (once to gather callbacks and again for real) but the second login module is never called at all!
> The attached web app uses this realm, just deploy it at point to http://localhost:8080/security/index.html to get the login, and put breakpoints in org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule and org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
