Hello JBoss Community, I'm in the middle of developing my own custom login module for JBoss, due to unique security environments within my organization.
I posted earlier to Beginner's Corner, but I realize that this really isn't a beginner's question.

I implemented an extension of AbstractServerLoginModule. I stepped through the code with my remote debugger. I noticed that the username and passwords are stored in the callback handler, not in the shared state map. Then I looked at the JBoss code on SourceForge CVS. I'm afraid to use the UsernamePasswordLoginModule because it has Strings for username and password in one method. Is that secure?

Then I browsed through the other classes, and there seems to be this notion of a shared state map that stores the username and password. What is the purpose of that construct? Isn't that a security hole? I am guessing that it is not, but I want to know why.

Also, what's the purpose of isFirstPass?

Thank you.
-M

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3852624#3852624