Hi all, We've been trying to use JAAS in our application to authenticate and authorize people. Cause our userdata is stored in a database we provided an own LoginModule which accesses the database and calls the callback handlers method.This Login Module worked fine on Tomcat. Now we move the stuff to BEA and run into problems. It seems that our LoginModule isn't called and so the user access is always denied.
We started the app with -Djava.security.auth.login.config=%WL_HOME%\server\lib\jaas.config
The file contains:
Do we have to provide something else so our LoginModule is used ? I read something about a Authenticator which has to be definied in the security realm. And this class contains which LoginModule to use. But is this really necessary ?
Hope you can gelp me. Thx in Advance
Oliver
BTW: Here is what i get in the audit log:
<admin><AUTHENTICATE>>> <FailureException =javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied>
0
