"jrosenbl" wrote : Hi | | This is the actual problem we are encountering. We are using Jaas for login to the web container and to the ejb container. I have used the DatabaseServerLoginModule without any changes up to now. The initial logon page causes the DatabaseServerLoginModule to be called and then the first call to an ejb causes the DatabaseServerLoginModule to be called a second time after which the caching kicks in. This all works fine. | | Now we would like to add a third parameter (username, password, reference) into the login process. I have changed my callback handler to accomodate this and am using the ObjectCallback to hold the reference. I have changed the DatabaseServerLoginModule and UsernamePasswordLoginModule to accomodate the new parameter. The initial logon to the web container works fine but the second login call to the ejb container fails. | | I am aware that the Login Modules from JBoss which I am using were only written to accomodate the username and password. As far as I can ascertain the reason that the second login fails are that the ClientLoginModule is not passing the third parameter, and the SecurityAssociationHandler puts the password into the ObjectCallback and not the reference which is what I want. I also don't know at this stage how to call another method in the SecurityAssocationHandler that will handle 3 parameters. | | So my problem here seems to be that I can't get my third parameter through the login process. I have tried to add it to the Subject as a new Principal without success. I have also tried to add it to the sharedState without success. | | So my questions are | Can I override the ClientLoginModule with a new one. | Can I override the SecurityAssociationHandler. | Can I easily configure security to use the new modules. | Does my approach make any sense. | Am I on the right track or am I tackling something I should leave alone. | Can I just set the third parameter by calling the SecurityAssociation and then override the SecurityAssociationHandler to handle the third parameter.
Why not just do your application based security? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3942264#3942264 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3942264 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user