Question

I am using a custom module to authenticate users of my SOAP interface using JBoss, based on JAAS. It is just a simple BASIC authentication, using username and password.

I am currently using SOAPUI to test the interface, and setting authorization credentials on the specific request. This is the problem:

  1. Making a request with user1, all works as expected, getting authenticated.
  2. Making a request with user2, all works as expected, getting authenticated.
  3. Requests are no longer running through the JAAS authentication code, and subject not updated with roles etc.

So in short, making subsequent requests with different users makes no difference. BTW, I am using "Close connection after request" on SOAP UI as I thought this may be the source. But the problem continued.

What am I missing in the request cycle here, should the custom module not be run on every request?

Regards, OM

Solution

I figured this out in the end myself. There were no wrong settings etc. on the client side. But when setting up the module in JBoss's standalone.xml, the cache-type was set.

If cache-type is removed from the security-domain section, the module will be called on every request.

            <security-domain name="example" cache-type="default">
                <authentication>
                    <login-module code="com.example.loginModule" flag="required"/>
                </authentication>
            </security-domain>

Hope this might help someone else.
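As an added example (not part of the original answer), the following script lists every `security-domain` in a `standalone.xml` and reports whether `cache-type` is set, which is the attribute the answer identifies as deciding whether the login module runs on every request. The function names, the `auth_cached` field, the second domain `example-nocache` and the namespace URIs in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the <security-domain> block above;
# the namespaces and the "example-nocache" domain are made up for illustration.
SAMPLE = """<server xmlns="urn:jboss:domain:1.4">
  <profile>
    <subsystem xmlns="urn:jboss:domain:security:1.2">
      <security-domains>
        <security-domain name="example" cache-type="default">
          <authentication>
            <login-module code="com.example.loginModule" flag="required"/>
          </authentication>
        </security-domain>
        <security-domain name="example-nocache">
          <authentication>
            <login-module code="com.example.loginModule" flag="required"/>
          </authentication>
        </security-domain>
      </security-domains>
    </subsystem>
  </profile>
</server>"""


def local(tag):
    """Strip the '{namespace}' prefix so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def audit_security_domains(xml_text):
    """Return one dict per security-domain: name, cache-type, login modules."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if local(elem.tag) != "security-domain":
            continue
        findings.append({
            "name": elem.get("name"),
            "cache_type": elem.get("cache-type"),  # None when the attribute is absent
            "login_modules": [m.get("code") for m in elem.iter() if local(m.tag) == "login-module"],
            # Per the answer above: with cache-type removed, the module is called on every request.
            "auth_cached": elem.get("cache-type") is not None,
        })
    return findings


if __name__ == "__main__":
    for f in audit_security_domains(SAMPLE):
        print(f["name"], f["login_modules"], "cached" if f["auth_cached"] else "not cached")
```

To check a real server, pass the contents of its `standalone.xml` to `audit_security_domains` instead of `SAMPLE`.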

Licensed under: CC-BY-SA with attribution