I am trying to perform JAAS authentication logic through a call to an unprotected session bean (which is a part of a security domain which contains protected and unprotected beans). I know, that this is less than ideal, however I do not have a choice because it is part of a very large application and I need to harness custom framework logic that is built into the application ejb layer. In doing so, I find my self in an endless loop between my login module and the call to the unprotected session bean.
Has anyone else tried this before, or know something I can do to fix the problem? The strange thing is that it was working under JBoss 3.2.3, however when I upgraded to version 3.2.5, I began to get the endless loop. I can not be 100% sure that the upgrade is to blame, because something could have changed in my app (we have many developers working on it) that could also be triggering the problem. More Details on my configuration: Login-Config | <application-policy name = "desktop-app"> | <authentication> | <login-module code="org.jboss.security.auth.spi.AnonLoginModule" | flag = "sufficient"> | <module-option name = "unauthenticatedIdentity">anonymous</module-option> | </login-module> | | <login-module code="security.authentication.jaas.DesktopJBossLoginModule" | flag = "sufficient" /> | </authentication> | </application-policy> | I put the AnonLoginModule first to allow JBoss to authenticate my login module's access to the unprotected bean so the endless loop does not happen. I am unsecuring beans by using the following tags inside the ejb.xml | <method-permission> | <unchecked/> | <method> | <ejb-name>SomeBeanName</ejb-name> | <method-name>*</method-name> | </method> | </method-permission> | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3847689#3847689 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3847689 ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
