Wolfgang Knauf [http://community.jboss.org/people/WolfgangKnauf] replied to the 
discussion

"JAAS + EJB3.0 + Jboss unable to propagate"

To view the discussion, visit: http://community.jboss.org/message/551439#551439

--------------------------------------------------------------
Hi,

I think you could use a simpler approach to your login module, as you need the 
standard functionality of username + password plus an additional EJB access 
check.

So, your login module could be a subclass of e.g. 
"org.jboss.security.auth.spi.DatabaseServerLoginModule" (source code e.g. here: 
http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html
), and you might add your own EJB access check to an override of 
"getRoleSets":

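@Override
protected Group[] getRoleSets() throws LoginException
{
  // Needs java.security.acl.Group and javax.security.auth.login.LoginException
  String username = getUsername();
  // Roles as loaded by the parent DatabaseServerLoginModule
  Group[] roleSets = super.getRoleSets();

  // Try to access the EJB here. The flag is a placeholder: it starts as
  // "failed" and should be set to false only after the EJB call succeeds.
  boolean ejbaccessFail = true;
  if (ejbaccessFail)
  {
    // EJB access check failed: grant no roles
    roleSets = new Group[0];
  }

  return roleSets;
}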

If the EJB access fails with a security exception, you could return an empty 
RoleSet.

Think about it, hopefully your security config will become much easier by this, 
and hopefully error detection will be easier.

By the way: to configure your login module, you might use this approach, too 
(you need 5.1 for this): 
http://server.dzone.com/articles/security-features-jboss-510

Best regards

Wolfgang

--------------------------------------------------------------


_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
