You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by "Pesendorfer, Tom" <to...@eds.com> on 2005/01/30 18:56:32 UTC
Why is the login portlet authenticating twice?
I only managed to login in Jetspeed-2's login portlet (running on JBoss!) by
adding the users and passwords from the HSQLDB database to the
users.properties (also added the roles to the roles.properties) used by
JBoss' default login module
(org.jboss.security.auth.spi.UsersRolesLoginModule) - this (I assume) would
be the equivalent to the tomcat-users.xml. The first question is: Why is
this used rather than the
org.apache.jetspeed.security.impl.DefaultLoginModule from login.conf? Is it
because I haven't got the "Jetspeed" realm defined?
Secondly, it seems, when I login, it's first validating against the file
(using the web container) and then afterwards checking against the database.
Am I understanding this correct/is this how it's supposed to work? Can
someone shed some light on the design/intentions?
Also, every time I login, it sets the updateRequired attribute of the
credential to true and forces me to change the password. This in turn
screws up authentication because then the password does not match the one in
the file anymore. Any help or explanation/clarification much appreciated!
Regards,
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
Re: Why is the login portlet authenticating twice?
Posted by Marcel Dullaart <ma...@gmail.com>.
Hi,
I am not answering your question, but I am wondering what you did to
deploy J2 on JBoss.
First, which version of JBoss are you using?
And can you give me an overview of the steps taken to get J2 running
including portlets.
Thanx,
Marcel
On Mon, 31 Jan 2005 06:56:32 +1300, Pesendorfer, Tom
<to...@eds.com> wrote:
> I only managed to login in Jetspeed-2's login portlet (running on JBoss!) by
> adding the users and passwords from the HSQLDB database to the
> users.properties (also added the roles to the roles.properties) used by
> JBoss' default login module
> (org.jboss.security.auth.spi.UsersRolesLoginModule) - this (I assume) would
> be the equivalent to the tomcat-users.xml. The first question is: Why is
> this used rather than the
> org.apache.jetspeed.security.impl.DefaultLoginModule from login.conf? Is it
> because I haven't got the "Jetspeed" realm defined?
> Secondly, it seems, when I login, it's first validating against the file
> (using the web container) and then afterwards checking against the database.
> Am I understanding this correct/is this how it's supposed to work? Can
> someone shed some light on the design/intentions?
> Also, every time I login, it sets the updateRequired attribute of the
> credential to true and forces me to change the password. This in turn
> screws up authentication because then the password does not match the one in
> the file anymore. Any help or explanation/clarification much appreciated!
>
> Regards,
> Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org