I'm using jboss 5.1 with JDK 1.6 in a Ubuntu 10.10.
The role history is that i'm trying to make a unique login per user, denying that two users enter with the same account simutaneously in a portal (eXo Platform).
So for that I wrote a login module that do this job. And i'm testing with a configuration that includes 2 login modules. First the UsersRolesLoginModule and second my login module.
Ok it is working when the user enter for the first time. But when i try to login in another machine with the same account, the JBoss might think "Hey this guy is already loaded, what a hell, i won't will execute the login modules again." And all the 2 login modules don't display any log information like if they didnt be executed.
Sounds like JBoss AS is caching the user's credentials after the first time it looks up the user. I don't see any configuration option that governs this. You might try turning logging up to the TRACE level for the login module code. You can do that by adding this to the jboss-log4j.xml file:
Perhaps the differences in the log file between first and second login will point you to some code to look at. If you are lucky, you'll see that the behavior is governed by an option which you can change. If you are not lucky, you will have to modify the code.
Thanks for your advice. I solved the problem, thanks for the help. Apparently as you told me the problem is that the JBoss was making cache from the login. So i changed the jboss-service.xml to not make cache from it.
And it works. But not for my case, because the login module execute the logout before the login everytime the user attempt to enter again in the other browser.
Solution for my case:
Create a filter that manages the users online that are keeping in a set in the application scope. Use a session listener to remove the user from the set.
The solution must be clustered, so the application scope is not distributed.
Maybe i need to access the JBoss Cache from the JBoss to keep the set.