geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Fwd: [jira] Updated: (GERONIMO-2294) In security realm with multiple login modules, anything after the first is ignored
Date Tue, 22 Aug 2006 01:16:41 GMT
Hello,

GERONIMO-2294 <http://issues.apache.org/jira/browse/GERONIMO-2294> In
security realm with multiple login modules, anything after the first is
ignored <http://issues.apache.org/jira/browse/GERONIMO-2294> is categorized
as a blocker.  It is more than 2 days since I have submitted patches for
this issue.  But, I do not see any activity on this JIRA.  I wonder if this
JIRA is that important.  Can some committer take a look at the patches and
see if they are acceptable?  Or is there something specific I need to do to
get someone's attention to this JIRA?

Thanks,
Vamsi
---------- Forwarded message ----------
From: Vamsavardhana Reddy (JIRA) <dev@geronimo.apache.org>
Date: Aug 19, 2006 7:33 AM
Subject: [jira] Updated: (GERONIMO-2294) In security realm with multiple
login modules, anything after the first is ignored
To: c1vamsi1c@gmail.com

     [ http://issues.apache.org/jira/browse/GERONIMO-2294?page=all ]

Vamsavardhana Reddy updated GERONIMO-2294:
------------------------------------------

    Attachment: GERONIMO-2294-2.patch

GERONIMO-2294-2.patch:  Introduces a performAbort() method
JaasLoginServiceMBean.  with this change, the abort() method is also invoked
twice (like login() and commit() methods) once during the "fake" round and a
second time after login() when  the overall authentication is failure.

Both the patches need to be applied.

I have verified that these two patches address  the other two dependent
issues GERONIMO-2266 and GERONIMO-2267.  The patches seems ok to me.  I
would suggest others to do a little bit of more testing to make sure that
these patches do not introduce new problems.

> In security realm with multiple login modules, anything after the first is
ignored
>
----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-2294
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2294
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: security
>    Affects Versions: 1.1
>            Reporter: Aaron Mulder
>         Assigned To: Vamsavardhana Reddy
>            Priority: Blocker
>             Fix For: 1.1.1
>
>         Attachments: GERONIMO-2294-2.patch, GERONIMO-2294.patch,
security-test-webapp.war, test-realm.xml
>
>
> If you deploy the attached plan to create a security realm the same as the
default except with a second login module, and put breakpoints in the
login() method of both login modules, the first login module is called twice
as expected (once to gather callbacks and again for real) but the second
login module is never called at all!
> The attached web app uses this realm, just deploy it at point to
http://localhost:8080/security/index.html to get the login, and put
breakpoints in
org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule and
org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message