Details
-
Bug
-
Resolution: Done
-
Major
-
JBossAS-3.2.6 Final
-
None
Description
SourceForge Submitter: drmlipp .
I'm using my own login module since 2.x. One special
feature of this module is that the principal returned
after successful authentication is not the user name.
It is a special id associated with the user name (yes,
this does make sense, actually it is common practice:
think of Unix, your user id is independant of your
login name which allows you to change your name [e.g.
marry] without having to change the owner of all your
files afterwards; the same applies here: if a user name
changes, I do not want to create a new user and copy
the role assignments from the "old" to the "new" user).
When upgrading from 3.2.5 to 3.2.6, my module didn't
work anymore. I tracked things down and found that the
result of the name callback issued in my login module
now depends on the invocation context. When my login
module is invoked by the web tier (step 1), I get the
username as it was entered in the browser's
username/password prompt. Later, when the web tier
(i.e. servlet) tries to invoke ejbs' methods (step 2),
the ejb container invokes my login module again. But
now I get the name of the principal returned by my
login module during step 1, not the user name entered
by the user in the authentication dialog. Before 3.2.6,
I got the user name here as well.