
JBoss Custom Login Module Only Works Once

I have written a custom login module for JBoss that authenticates/authorizes requests to a web service. The first call to the service authenticates fine. I can connect a debugger to the login module and trace the code execution. However, all subsequent calls to the web service skip the login module entirely. It appears JBoss/JAAS is reusing the results of the first connection.

I'm stuck. Any suggestions to get me over the hump?

I figured it out. I was trying to set up cookie-based authentication. Apparently, JBoss/JAAS caches successful authentications based on username and password, and cookies are ignored. To get things working, I dropped the cookie from the web service request and replaced it with a username and password in the authentication header.

Is the authentication/authorization associated with a session object? How have you set the timeout/invalidation of the session?

JBoss is probably caching the credential somehow. You want it to skip the login module in that case. You should only invalidate it if you log out or time out the session.

Did you test it with two separate users/browsers, each with their own session?
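
A minimal model of the behaviour described in this thread, as an added example that is not code from the original posts or from JBoss: a cache keyed on username and password sits in front of the login module, so a cookie check inside the module only runs on a cache miss. All class, method and sample values here are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a container-side authentication cache; not JBoss code.
public class AuthCacheDemo {
    // Stand-in for a custom login module that also wants to validate a cookie.
    interface CookieLoginModule {
        boolean login(String user, String password, String cookie);
    }

    // user -> password that last passed the module (kept in clear only for this demo)
    private final Map<String, String> cache = new HashMap<>();
    private final CookieLoginModule module;
    int moduleCalls = 0;

    AuthCacheDemo(CookieLoginModule module) { this.module = module; }

    boolean authenticate(String user, String password, String cookie) {
        // Cache hit: same username and password as a previous success.
        // The cookie is not part of the key, so the module never sees it.
        if (password.equals(cache.get(user))) {
            return true;
        }
        moduleCalls++;
        boolean ok = module.login(user, password, cookie);
        if (ok) cache.put(user, password);
        return ok;
    }

    // Logout or session timeout is the point at which the entry is dropped.
    void flush(String user) { cache.remove(user); }

    public static void main(String[] args) {
        // Constructed sample credentials and cookies.
        AuthCacheDemo auth = new AuthCacheDemo(
            (u, p, c) -> "alice".equals(u) && "s3cret".equals(p) && "valid-cookie".equals(c));

        System.out.println(auth.authenticate("alice", "s3cret", "valid-cookie")); // module runs
        System.out.println(auth.authenticate("alice", "s3cret", "stale-cookie")); // cache hit, cookie unchecked
        System.out.println("module calls: " + auth.moduleCalls);
        auth.flush("alice");
        System.out.println(auth.authenticate("alice", "s3cret", "stale-cookie")); // module runs again
        System.out.println("module calls: " + auth.moduleCalls);
    }
}
```

The second call succeeds with a stale cookie because the cached entry answers before the module is consulted; after the flush the module is invoked again and can reject it.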
