geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy (JIRA)" <...@geronimo.apache.org>
Subject [jira] Updated: (GERONIMO-2294) In security realm with multiple login modules, anything after the first is ignored
Date Sat, 19 Aug 2006 02:03:14 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-2294?page=all ]

Vamsavardhana Reddy updated GERONIMO-2294:
------------------------------------------

    Attachment: GERONIMO-2294-2.patch

GERONIMO-2294-2.patch:  Introduces a performAbort() method JaasLoginServiceMBean.  with this
change, the abort() method is also invoked twice (like login() and commit() methods) once
during the "fake" round and a second time after login() when  the overall authentication is
failure.

Both the patches need to be applied.

I have verified that these two patches address  the other two dependent issues GERONIMO-2266
and GERONIMO-2267.  The patches seems ok to me.  I would suggest others to do a little bit
of more testing to make sure that these patches do not introduce new problems.

> In security realm with multiple login modules, anything after the first is ignored
> ----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-2294
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2294
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1
>            Reporter: Aaron Mulder
>         Assigned To: Vamsavardhana Reddy
>            Priority: Blocker
>             Fix For: 1.1.1
>
>         Attachments: GERONIMO-2294-2.patch, GERONIMO-2294.patch, security-test-webapp.war,
test-realm.xml
>
>
> If you deploy the attached plan to create a security realm the same as the default except
with a second login module, and put breakpoints in the login() method of both login modules,
the first login module is called twice as expected (once to gather callbacks and again for
real) but the second login module is never called at all!
> The attached web app uses this realm, just deploy it at point to http://localhost:8080/security/index.html
to get the login, and put breakpoints in org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
and org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message