Yes this was my first idea as well. I know I can implement a
JAAS login
module for the client side which will get invoked under and
circumstances. But I need to account for the login failures on the
server side. I don't want to implement a client side JAAS
login module
which will
From: Sebastian Hauer [mailto:[EMAIL PROTECTED]
server side. I don't want to implement a client side JAAS
login modul
In my first answer I mean server-side JAAS login module.
You can write one big module which makes all work ( autentification/
authorization and failure counter ), or
Hi Kevin,
would just be to unsafe. I want to account for the login
failure where
they get checked on the server side.
Secure your beans by assigning a JAAS security domain in
jboss.xml. This will cause the server to invoke the
associated JAAS modules and allow you to achieve the
Hi Vladimír,
In my first answer I mean server-side JAAS login module.
You can write one big module which makes all work (
autentification/ authorization and failure counter ), or
I understand that I can use a server-side JAAS login module.
As Kevin suggested I could secure a bean with the
Hiya Sebastian.
So you suggest that I do something like this:
1. Authenticate the user with a client side JAAS login module
We are not actually performing any client side authentication
as such, we use the jboss JAAS login module solely to capture
the user's credentials. The captured
Hi Vladimír Kevin,
Thanks for your help I think I understand it now.
Regards,
Sebastian
---
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on
Hi Vladimir,
Try implement own login-module which checks if was XXX login
failures.
( see code in
$JBOSS-SRC/security/src/main/org/jboss/security/auth/spi ).
Then set-up this module into application-policy in
login-config.xml with flag=required.
Yes this was my first idea as well. I