RE: [JBoss-dev] security exception in 2.4 final

Thu, 23 Aug 2001 02:01:46 -0700 

Hi Luke,

what You are describing is the nomal behavior. First tomcat get a request
whitout login information on a secured page. It tries to authenticate a user
with null name and pwd. After the authentication faild tomcat reject the
request to the login screen. Maybe a further version of tomcat will fix the
and reject requests without username direct to the login screen.
jboss could only supress the stack trace in this case.

Andreas

P.S.: Do You use 2.4 final too?

>  -----Original Message-----
> From: Luke Taylor [SMTP:[EMAIL PROTECTED]]
> Sent: 23 August 2001 11:10
> To:   [EMAIL PROTECTED]
> Subject:      Re: [JBoss-dev] security exception in 2.4 final
> 
> 
> 
> "Schouten, Andreas" wrote:
> > 
> > Hello,
> > 
> > today I upgradet from 2.4.0.23 to 2.4.0 (file
> JBoss-2.4.0_Tomcat-3.2.3.zip).
> > 
> > We use integated tomcat and jaas security.
> > The first login is successful also calling a stateless session bean is
> > successful. But when a second instance of this bean is created a
> security
> > exception occur. The username seams to be lost.
> > 
> > (The same ear works under 2.4.0.23)
> >
> 
> This sounds very similar to the problem I posted to the security forum
> yesterday. I get exactly the same exception, but in my case it isn't
> losing the username - it throws the exception before the login occurs
> and before the principal has been set. As soon as the user attempts to
> access a web URL which has a security contraint applied, the exception
> occurs and then the login goes ahead. Thereafter everything proceeds as
> normal - I can make as many requests as I want without any further
> problems ...
> 
> Luke.
>  
> > [Default] Found StatelessSessionHome // after lookup the home interface
> > [Default] javax.security.auth.login.FailedLoginException: No matching
> > username found in Principals
> > [Default]       at
> >
> org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(Dat
> ab
> > aseServerLoginModule.java
> > :96)
> 
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-development


If you have received this e-mail in error or wish to read our e-mail disclaimer 
statement and monitoring policy, please refer to
http://www.drkw.com/disc/email/ or contact the sender.

_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development

Reply via email to