[JBoss-user] Multiple login modules Configuration flag problem

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

I have been using multiple login modules with JBoss 3.0.1RC1.  I still
suspect that the flags are not working rght.  My requirements are if first
login module succeeds, it returns to my application.  If it fails, it goes
to the second login module.  For some reasons, the "sufficient" flag in the
first module returns regardless of success or failure.  It does not proceed
down to the second login module when fails.  Could someone confirm this
problem?  My login modules are:

<application-policy name = "TrafalgarLogin">
       <authentication>

          <!-- For internal user not exposed to the outside world; Used for
internal login-->
          <login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "sufficient" />

          <!-- Enterprise's own LDAP user database -->
          <login-module code = "org.jboss.security.auth.spi.LdapLoginModule"
             flag = "optional">
             <module-option name =
"java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-optio
n>		 
             <module-option name =
"java.naming.provider.url">ldap://trafalgar:389</module-option>		 
             <module-option name =
"java.naming.security.authentication">simple</module-option>		 
             <module-option name = "principalDNPrefix">uid=</module-option>

             <module-option name =
"principalDNSuffix">,ou=Users,o=Trafalgar</module-option>
		 <module-option name =
"uidAttributeID">uniqueMember</module-option>
	       <module-option name = "roleAttributeID">ou</module-option>
             <module-option name =
"rolesCtxDN">ou=Roles,o=Trafalgar</module-option>
	       <module-option name = "matchOnUserDN">true</module-option>

	    </login-module>

       </authentication>
</application-policy>

Thanks,
fee