activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Newsham <>
Subject jaas module processing logic
Date Fri, 23 Apr 2010 03:57:28 GMT


I'm trying to figure out how to use JAAS with multiple modules, and I'm 
confused about the logic that it uses to process modules.  Please help 
me.  As a simple test, I have the following login.config:

DebugLogin {
     DebugLoginModule sufficient
     DebugLoginModule required

DebugLoginModule is a very simple module which will either succeed or 
fail, depending how it is configured in the config, as shown above.  
Other than that, it does nothing but to log which method is being 
invoked (and a unique identifier, so I know which instance is being 
called).  With the above config, I get the following log:

1: initialize()
1: login()
2: initialize()
2: login()
1: commit()

What I don't understand is why instance #2's commit() is never called.  
This is a toy example, but in my real-world case this results in my 
principals from instance #2 not being added to the subject. :(


P.S.  On a side note, I noticed from looking at the source code that 
activemq's PropertiesLoginModule adds the username and group principals 
to the subject even when its own authentication attempt fails (i.e., 
overall authentication succeeded despite PLM's authentication failing), 
which is contrary to the javadoc for LoginModule.commit().  Is this 

View raw message