Hi Jim, can you create a test case(s) that demonstrate issues you having and raise Jira issues, so we can investigate further? You can take tests in activemq-jaas module as an example.
Cheers -- Dejan Bosanac - http://twitter.com/dejanb Open Source Integration - http://fusesource.com/ ActiveMQ in Action - http://www.manning.com/snyder/ Blog - http://www.nighttale.net On Fri, Apr 23, 2010 at 5:57 AM, Jim Newsham <jnews...@referentia.com>wrote: > > Hi, > > I'm trying to figure out how to use JAAS with multiple modules, and I'm > confused about the logic that it uses to process modules. Please help me. > As a simple test, I have the following login.config: > > DebugLogin { > DebugLoginModule sufficient > succeed=false > ; > DebugLoginModule required > succeed=true > ; > }; > > DebugLoginModule is a very simple module which will either succeed or fail, > depending how it is configured in the config, as shown above. Other than > that, it does nothing but to log which method is being invoked (and a unique > identifier, so I know which instance is being called). With the above > config, I get the following log: > > 1: initialize() > 1: login() > 2: initialize() > 2: login() > 1: commit() > > What I don't understand is why instance #2's commit() is never called. > This is a toy example, but in my real-world case this results in my > principals from instance #2 not being added to the subject. :( > > Thanks! > Jim > > P.S. On a side note, I noticed from looking at the source code that > activemq's PropertiesLoginModule adds the username and group principals to > the subject even when its own authentication attempt fails (i.e., overall > authentication succeeded despite PLM's authentication failing), which is > contrary to the javadoc for LoginModule.commit(). Is this intentional? > >
