It's been quite a while that I've been stuck with this. I've written my own login module XtrLdapLoginModule, which implements javax.security.auth.spi.LoginModule, to authenticate users against three credentials, viz. username, password and account. I couldn't use the LdapExtLoginModule because it wouldn't help me authenticate against a particular account. So this login module communicates with the LDAP server and authenticates and authorizes the user.

I have defined a policy in login-config.xml which mentions the above login module along with the ClientLogin module of JBoss (as per my knowledge, ClientLogin is required to propagate credentials from the web tier into the EJB tier, and it worked pretty well with other login modules), and I use org.jboss.security.client.SecurityClient to do the login from the servlet.

I have defined my own CredentialsCallbackHandler which handles UserNameCallback, PasswordCallback and TextInputCallback (to capture the account name from the user).

All these things work fine. The Subject I receive in the servlet has the required roles as well. But when I try to access any secured method from my stateless bean, which has role-based access, my login module is invoked once again and tries to re-authenticate! That's one issue, and secondly, the second time it throws UnsupportedCallbackException which, I reckon, is thrown when the handler tries to handle the TextInputCallback.

The re-authentication does not take place if I use JBoss's login modules (e.g. LdapExtLoginModule). When I checked the server.log, I noticed that when I'm using my own custom module, the log shows:

    2010-10-01 18:04:19,743 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.eazypractice] (http-127.0.0.1-8080-1) Begin isValid, principal:admin, cache info: null
    2010-10-01 18:04:19,743 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.eazypractice] (http-127.0.0.1-8080-1) defaultLogin, principal=admin

While, if I use LdapExtLoginModule, the entries are:

    2010-09-29 19:05:47,243 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.eazypractice] (http-127.0.0.1-8080-1) Begin isValid, principal:admin, cache info: org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@12cc4c[Subject(4801549).principals=org.jboss.security.SimplePrincipal@10293758(admin)org.jboss.security.SimpleGroup@32111280(Roles(members:Admin)),credential.class=[C@18396898,expirationTime=1285768211655]
    2010-09-29 19:05:47,243 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.eazypractice] (http-127.0.0.1-8080-1) Begin validateCache, info=org.jboss.security.plugins.auth.JaasSecurityManagerBase$DomainInfo@12cc4c[Subject(4801549).principals=org.jboss.security.SimplePrincipal@10293758(admin)org.jboss.security.SimpleGroup@32111280(Roles(members:Admin)),credential.class=[C@18396898,expirationTime=1285768211655];credential.class=[C@18396898
    2010-09-29 19:05:47,243 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.eazypractice] (http-127.0.0.1-8080-1) End validateCache, isValid=true
    2010-09-29 19:05:47,243 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.eazypractice] (http-127.0.0.1-8080-1) End isValid, true
    2010-09-29 19:05:47,244 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http-127.0.0.1-8080-1) [Success]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=admin;method=securedMethod;
    2010-09-29 19:05:47,245 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-127.0.0.1-8080-1) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
    2010-09-29 19:05:47,245 TRACE [org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate] (http-127.0.0.1-8080-1) method=public java.lang.String xtremum.health.api.bean.AccountBean.securedMethod(), interface=Local, requiredRoles=Roles(Admin,)
    2010-09-29 19:05:47,246 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http-127.0.0.1-8080-1) [Success]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@170a25e}:method=public java.lang.String xtremum.health.api.bean.AccountBean.securedMethod():ejbMethodInterface=Local:ejbName=AccountBean:ejbPrincipal=admin:MethodRoles=Roles(Admin,):securityRoleReferences=null:callerSubject=Subject: Principal: admin Principal: Roles(members:Admin)

Hence the EJB tier happily accepts the user and allows access to the method.

What am I doing wrong? Is it normal to re-authenticate the user before accessing EJB tier methods? And if it is, then how do I go about the UnsupportedCallbackException? [Sorry if that was too descriptive! I tried my best to keep it short! :) ]
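An added example, not code from the question or from JBoss: the minimal shape of the three-credential handler and login module described above, showing where an UnsupportedCallbackException comes from (a CallbackHandler refusing a callback it cannot answer) and how the module can turn it into a clean, fail-closed LoginException that names the offending callback instead of an unexplained failure. The class names follow the post; the option names ldapUrl and userDnPattern, the {user}/{account} placeholders and the bind() method are assumptions, and the JBoss-specific step of populating the Subject with principals and roles in commit() is left as a comment.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Client-side handler: answers exactly the three callbacks the module asks for. */
class CredentialsCallbackHandler implements CallbackHandler {
    private final String username, account;
    private final char[] password;

    CredentialsCallbackHandler(String username, char[] password, String account) {
        this.username = username; this.password = password.clone(); this.account = account;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback)           ((NameCallback) cb).setName(username);
            else if (cb instanceof PasswordCallback)  ((PasswordCallback) cb).setPassword(password);
            else if (cb instanceof TextInputCallback) ((TextInputCallback) cb).setText(account); // account name
            // JAAS contract: a callback the handler cannot answer is reported, never silently skipped.
            else throw new UnsupportedCallbackException(cb, "unsupported callback " + cb.getClass().getName());
        }
    }
}

/** Login module: collects the three credentials and binds to the directory with a DN built from them. */
public class XtrLdapLoginModule implements LoginModule {
    private CallbackHandler handler;
    private Map<String, ?> options;   // hypothetical option names: ldapUrl, userDnPattern
    private boolean loginSucceeded;

    @Override
    public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler; this.options = options;
    }

    @Override
    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler available to collect credentials");
        NameCallback nameCb = new NameCallback("Username: ");
        PasswordCallback passCb = new PasswordCallback("Password: ", false);
        TextInputCallback accountCb = new TextInputCallback("Account: ");
        try {
            handler.handle(new Callback[] { nameCb, passCb, accountCb });
        } catch (UnsupportedCallbackException e) {
            // A handler that only knows name and password cannot supply the account:
            // fail closed with a precise reason instead of surfacing a bare stack trace.
            throw new LoginException("handler cannot supply " + e.getCallback().getClass().getSimpleName());
        } catch (IOException e) {
            throw new LoginException("callback handling failed: " + e.getMessage());
        }
        String username = nameCb.getName(), account = accountCb.getText();
        char[] password = passCb.getPassword();          // getPassword() hands back a copy
        passCb.clearPassword();
        if (username == null || password == null || password.length == 0 || account == null || account.isEmpty())
            throw new LoginException("username, password and account are all required");
        try {
            loginSucceeded = bind(username, password, account);
        } finally {
            Arrays.fill(password, '\0');                 // do not leave the secret in memory
        }
        if (!loginSucceeded) throw new FailedLoginException("invalid credentials for " + username + " in " + account);
        return true;
    }

    /** Simple bind as the user; the account selects the branch of the tree. */
    private boolean bind(String username, char[] password, String account) throws LoginException {
        String url = String.valueOf(options.get("ldapUrl"));            // e.g. ldaps://ldap.example.test:636
        String pattern = String.valueOf(options.get("userDnPattern"));  // e.g. uid={user},ou={account},dc=example,dc=test
        String dn = pattern.replace("{user}", escapeRdnValue(username)).replace("{account}", escapeRdnValue(account));
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();          // a successful bind is the proof of the password
            return true;
        } catch (AuthenticationException e) {
            return false;                                // wrong password or no such DN
        } catch (NamingException e) {
            throw new LoginException("directory unavailable: " + e.getMessage());
        }
    }

    /** RFC 4514 escaping so a crafted username or account value cannot alter the DN structure. */
    static String escapeRdnValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (",+\"\\<>;".indexOf(c) >= 0) sb.append('\\');
            sb.append(c);
        }
        String s = sb.toString();
        if (s.startsWith("#") || s.startsWith(" ")) s = "\\" + s;
        if (value.length() > 1 && value.endsWith(" ")) s = s.substring(0, s.length() - 1) + "\\ ";
        return s;
    }

    @Override public boolean commit() { return loginSucceeded; }   // principals and roles would be added to the Subject here
    @Override public boolean abort()  { loginSucceeded = false; return true; }
    @Override public boolean logout() { loginSucceeded = false; return true; }
}
```

The point of the try/catch in login() is diagnostic as much as defensive: if the module is driven a second time by a different handler, one that answers only name and password, the LoginException message names TextInputCallback as the callback that handler rejected, which is the failure the question describes. Escaping the values before they go into the DN pattern matters because both are user-supplied; without it, a username containing a comma would be parsed as additional RDN components.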