Hi,
I'm trying to figure out how to use JAAS with multiple modules, and I'm
confused about the logic that it uses to process modules. Please help
me. As a simple test, I have the following login.config:
DebugLogin {
DebugLoginModule sufficient
succeed=false
;
DebugLoginModule required
succeed=true
;
};
DebugLoginModule is a very simple module which will either succeed or
fail, depending how it is configured in the config, as shown above.
Other than that, it does nothing but to log which method is being
invoked (and a unique identifier, so I know which instance is being
called). With the above config, I get the following log:
1: initialize()
1: login()
2: initialize()
2: login()
1: commit()
What I don't understand is why instance #2's commit() is never called.
This is a toy example, but in my real-world case this results in my
principals from instance #2 not being added to the subject. :(
Thanks!
Jim
P.S. On a side note, I noticed from looking at the source code that
activemq's PropertiesLoginModule adds the username and group principals
to the subject even when its own authentication attempt fails (i.e.,
overall authentication succeeded despite PLM's authentication failing),
which is contrary to the javadoc for LoginModule.commit(). Is this
intentional?
