From: Fee L. C. <fe...@va...> - 2002-07-22 16:23:22
|
Hello, I have been using multiple login modules with JBoss 3.0.1RC1. I still suspect that the flags are not working rght. My requirements are if first login module succeeds, it returns to my application. If it fails, it goes to the second login module. For some reasons, the "sufficient" flag in the first module returns regardless of success or failure. It does not proceed down to the second login module when fails. Could someone confirm this problem? My login modules are: <application-policy name = "TrafalgarLogin"> <authentication> <!-- For internal user not exposed to the outside world; Used for internal login--> <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "sufficient" /> <!-- Enterprise's own LDAP user database --> <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "optional"> <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-optio n> <module-option name = "java.naming.provider.url">ldap://trafalgar:389</module-option> <module-option name = "java.naming.security.authentication">simple</module-option> <module-option name = "principalDNPrefix">uid=</module-option> <module-option name = "principalDNSuffix">,ou=Users,o=Trafalgar</module-option> <module-option name = "uidAttributeID">uniqueMember</module-option> <module-option name = "roleAttributeID">ou</module-option> <module-option name = "rolesCtxDN">ou=Roles,o=Trafalgar</module-option> <module-option name = "matchOnUserDN">true</module-option> </login-module> </authentication> </application-policy> Thanks, fee |