Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 14323 invoked from network); 5 Dec 2005 16:47:42 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 5 Dec 2005 16:47:42 -0000 Received: (qmail 84428 invoked by uid 500); 5 Dec 2005 16:47:30 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 84315 invoked by uid 500); 5 Dec 2005 16:47:30 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 84281 invoked by uid 99); 5 Dec 2005 16:47:29 -0000 X-ASF-Spam-Status: No, hits=1.3 required=10.0 tests=SPF_FAIL X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Dec 2005 08:47:29 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 450E9E1 for ; Mon, 5 Dec 2005 17:47:08 +0100 (CET) Message-ID: <1443875090.1133801228249.JavaMail.jira@ajax.apache.org> Date: Mon, 5 Dec 2005 17:47:08 +0100 (CET) From: "Aaron Mulder (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Updated: (GERONIMO-1203) LoginConfig processing can silently do the wrong thing In-Reply-To: <1090610166.1132449264913.JavaMail.jira@ajax.apache.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/GERONIMO-1203?page=all ] Aaron Mulder updated GERONIMO-1203: ----------------------------------- Fix Version: 1.0 (was: 1.1) Assign To: Aaron Mulder This should be an easy fix -- I'll look at it for 1.0 > LoginConfig processing can silently do the wrong thing > ------------------------------------------------------ > > Key: GERONIMO-1203 > URL: http://issues.apache.org/jira/browse/GERONIMO-1203 > Project: Geronimo > Type: Bug > Components: deployment, security > Versions: 1.0-M5 > Reporter: Aaron Mulder > Assignee: Aaron Mulder > Priority: Critical > Fix For: 1.0 > > If you deploy a security realm using a LoginConfig block, and you set the login domain name to be the same for every login module in the realm, only one of the login modules is actually deployed, and no error is generated. > I'm not clear why you can't have more than one login module with the same login domain in the same realm. If you have an extra login module that doesn't produce principals but works in conjunction with the main login module (for auditing, for example), then why would you need to specify a distinct login domain for it? It looks like we use the login domain name as the GBean name, but maybe we should just call them "LoginModule1" through "LoginModuleN" or something instead. > Nevertheless, if this is an error condition, we should not deploy the realm with only one login module, we should throw a DeploymentException. > > > Aaron > > geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo > > > > > Aaron > org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule > var/security/demo_users.properties > var/security/demo_groups.properties > > > Aaron > org.apache.geronimo.security.realm.providers.GeronimoPasswordCredentialLoginModule > > > Aaron > org.apache.geronimo.security.realm.providers.FileAuditLoginModule > var/log/login.log > > > Aaron > org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule > 3 > 60 > 600 > > > > > -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira