geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy (JIRA)" <...@geronimo.apache.org>
Subject [jira] Updated: (GERONIMO-2294) In security realm with multiple login modules, anything after the first is ignored
Date Fri, 18 Aug 2006 20:11:14 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-2294?page=all ]

Vamsavardhana Reddy updated GERONIMO-2294:
------------------------------------------

    Attachment: GERONIMO-2294.patch

GERONIMO-2294.patch: Corrects login() and performLogin() methods in JaasLoginCoordinator to
account for "LoginModule.login() method throws LoginException upon failure"

With this patch the invocation of login modules happens as per the control-flags specified.

More is needed  since abort() method is not getting invoked on LoginModule classes incase
overall authentication is failure.

> In security realm with multiple login modules, anything after the first is ignored
> ----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-2294
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2294
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1
>            Reporter: Aaron Mulder
>         Assigned To: Vamsavardhana Reddy
>            Priority: Blocker
>             Fix For: 1.1.1
>
>         Attachments: GERONIMO-2294.patch, security-test-webapp.war, test-realm.xml
>
>
> If you deploy the attached plan to create a security realm the same as the default except
with a second login module, and put breakpoints in the login() method of both login modules,
the first login module is called twice as expected (once to gather callbacks and again for
real) but the second login module is never called at all!
> The attached web app uses this realm, just deploy it at point to http://localhost:8080/security/index.html
to get the login, and put breakpoints in org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
and org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message