activemq-users mailing list archives

From Dejan Bosanac <de...@nighttale.net>
Subject Re: jaas module processing logic
Date Mon, 26 Apr 2010 09:02:01 GMT
Hi Jim,

Can you create test case(s) that demonstrate the issues you are having and raise
Jira issues, so we can investigate further? You can take the tests in the
activemq-jaas module as an example.

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net


On Fri, Apr 23, 2010 at 5:57 AM, Jim Newsham <jnewsham@referentia.com> wrote:

>
> Hi,
>
> I'm trying to figure out how to use JAAS with multiple modules, and I'm
> confused about the logic that it uses to process modules.  Please help me.
>  As a simple test, I have the following login.config:
>
> DebugLogin {
>    DebugLoginModule sufficient
>        succeed=false
>        ;
>    DebugLoginModule required
>        succeed=true
>        ;
> };
>
> DebugLoginModule is a very simple module which will either succeed or fail,
> depending on how it is configured in the config, as shown above.  Other than
> that, it does nothing but log which method is being invoked (and a unique
> identifier, so I know which instance is being called).  With the above
> config, I get the following log:
>
> 1: initialize()
> 1: login()
> 2: initialize()
> 2: login()
> 1: commit()
>
> What I don't understand is why instance #2's commit() is never called.
>  This is a toy example, but in my real-world case this results in my
> principals from instance #2 not being added to the subject. :(
>
> Thanks!
> Jim
>
> P.S.  On a side note, I noticed from looking at the source code that
> activemq's PropertiesLoginModule adds the username and group principals to
> the subject even when its own authentication attempt fails (i.e., overall
> authentication succeeded despite PLM's authentication failing), which is
> contrary to the javadoc for LoginModule.commit().  Is this intentional?
>
>
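
An added example, not code from this thread or from ActiveMQ: a module that follows the LoginModule.commit() javadoc under the same sufficient/required stack, returning false and adding no principals when its own login failed. In the JDK's LoginContext, a sufficient module whose commit() returns true ends the commit phase, so the return value decides whether later modules get to commit. `CommitContractDemo`, `StrictModule`, the `name` option and the principal names are hypothetical; the configuration is built in code instead of a login.config file.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class CommitContractDemo {
    // Hypothetical module: remembers its own login result and honours it in commit().
    public static class StrictModule implements LoginModule {
        private Subject subject;
        private String name;
        private boolean succeed, loggedIn;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s;
            name = (String) opts.get("name");
            succeed = Boolean.parseBoolean((String) opts.get("succeed"));
        }
        public boolean login() throws LoginException {
            if (!succeed) throw new FailedLoginException(name + ": own authentication failed");
            return loggedIn = true;
        }
        public boolean commit() {
            System.out.println(name + ": commit() ownLogin=" + loggedIn);
            if (!loggedIn) return false;   // own login failed: add nothing, ask to be ignored
            Principal p = () -> "principal-from-" + name;
            subject.getPrincipals().add(p);
            return true;                   // true from a sufficient module ends the commit phase
        }
        public boolean abort()  { loggedIn = false; return true; }
        public boolean logout() { loggedIn = false; return true; }
    }
    static AppConfigurationEntry entry(LoginModuleControlFlag flag, String name, String succeed) {
        return new AppConfigurationEntry(StrictModule.class.getName(), flag,
                Map.of("name", name, "succeed", succeed));
    }
    public static void main(String[] args) throws LoginException {
        Configuration cfg = new Configuration() {   // mirrors the DebugLogin stack quoted above
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] {
                    entry(LoginModuleControlFlag.SUFFICIENT, "module-1", "false"),
                    entry(LoginModuleControlFlag.REQUIRED, "module-2", "true") };
            }
        };
        LoginContext lc = new LoginContext("DebugLogin", new Subject(), null, cfg);
        lc.login();
        lc.getSubject().getPrincipals().forEach(p -> System.out.println("subject has " + p.getName()));
    }
}
```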
