geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: [jira] Updated: (GERONIMO-2294) In security realm with multiple login modules, anything after the first is ignored
Date Tue, 22 Aug 2006 03:51:34 GMT
I'll try to look at this in the next couple days.  I have to spend  
some time on a plane and will have somewhat limited internet access  
so if someone such as alan wants to take a look that would be fine.

I think we need Matts approval to put it in 1.1.1

thanks
david jencks

On Aug 21, 2006, at 6:16 PM, Vamsavardhana Reddy wrote:

> Hello,
>
> GERONIMO-2294 In security realm with multiple login modules,  
> anything after the first is ignored is categorized as a blocker.   
> It is more than 2 days since I have submitted patches for this  
> issue.  But, I do not see any activity on this JIRA.  I wonder if  
> this JIRA is that important.  Can some committer take a look at the  
> patches and see if they are acceptable?  Or is there something  
> specific I need to do to get someone's attention to this JIRA?
>
> Thanks,
> Vamsi
> ---------- Forwarded message ----------
> From: Vamsavardhana Reddy (JIRA) <dev@geronimo.apache.org>
> Date: Aug 19, 2006 7:33 AM
> Subject: [jira] Updated: (GERONIMO-2294) In security realm with  
> multiple login modules, anything after the first is ignored
> To: c1vamsi1c@gmail.com
>
>      [ http://issues.apache.org/jira/browse/GERONIMO-2294?page=all ]
>
> Vamsavardhana Reddy updated GERONIMO-2294:
> ------------------------------------------
>
>     Attachment: GERONIMO-2294-2.patch
>
> GERONIMO-2294-2.patch:  Introduces a performAbort() method  
> JaasLoginServiceMBean.  with this change, the abort() method is  
> also invoked twice (like login() and commit() methods) once during  
> the "fake" round and a second time after login() when  the overall  
> authentication is failure.
>
> Both the patches need to be applied.
>
> I have verified that these two patches address  the other two  
> dependent issues GERONIMO-2266 and GERONIMO-2267.  The patches  
> seems ok to me.  I would suggest others to do a little bit of more  
> testing to make sure that these patches do not introduce new problems.
>
> > In security realm with multiple login modules, anything after the  
> first is ignored
> >  
> ---------------------------------------------------------------------- 
> ------------
> >
> >                 Key: GERONIMO-2294
> >                 URL: http://issues.apache.org/jira/browse/ 
> GERONIMO-2294
> >             Project: Geronimo
> >          Issue Type: Bug
> >      Security Level: public(Regular issues)
> >          Components: security
> >    Affects Versions: 1.1
> >            Reporter: Aaron Mulder
> >         Assigned To: Vamsavardhana Reddy
> >            Priority: Blocker
> >             Fix For: 1.1.1
> >
> >         Attachments: GERONIMO-2294-2.patch, GERONIMO-2294.patch,  
> security-test-webapp.war, test-realm.xml
> >
> >
> > If you deploy the attached plan to create a security realm the  
> same as the default except with a second login module, and put  
> breakpoints in the login() method of both login modules, the first  
> login module is called twice as expected (once to gather callbacks  
> and again for real) but the second login module is never called at  
> all!
> > The attached web app uses this realm, just deploy it at point to  
> http://localhost:8080/security/index.html to get the login, and put  
> breakpoints in  
> org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule 
>  and  
> org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLog 
> inModule
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the  
> administrators: http://issues.apache.org/jira/secure/ 
> Administrators.jspa
> -
> For more information on JIRA, see: http://www.atlassian.com/ 
> software/jira
>
>


Mime
View raw message