Deploying a custom login module to the J2EE engine

Similar Messages

• Login module for the J2EE application

  Hi ,
  I am trying to use the BasicPasswordLoginModule for my J2EE application which will be deployed in the SAP J2EE engine.My application will not be accessed through the portal.
  I am having a login screen in my application for which i want to use the already avaliable login module. ie.. BasicPasswordLoginModule.
  When i am trying to get the login(). i am getting the following the error.
  "javax.security.auth.login.LoginException: No LoginModules configured for BasicPasswordLoginModule".
  Please let me know what needs to be done.
  PS: The version environment is CE 7.1
  Regards
  Abu Bakar

  Hi Julius
  I am totally confused, my application is a pure J2EE application which has only one screen which just displays the details. And i want only the login screen to be implemented. I have gone through a couple of dec from sap which tells to created a custom login module if requiredl but i want to user the FORM based authentication and use the BasicPasswordLoginModule(in-built in WAS)
  All that i am doing is written a web.xml with the following information:
  <login-config>
     <auth-method>FORM</auth-method>
     <form-login-config>
     <form-login-page>/home.jsp</form-login-page>
     <form-error-page>/relogin.jsp</form-error-page>
     </form-login-config>
    </login-config>
    <security-role>
      <role-name>App_Viewer</role-name>
    </security-role>
  web-j2ee-engine with following information:
  <security-role-map>
            <role-name>App_Viewer</role-name>
             <server-role-name>Administrator</server-role-name>
       </security-role-map>
       <login-module-configuration>
       <login-module-stack>
       <!-- Contains all login modules used for authentication -->
            <login-module>
            <!-- Contains information about one login module -->
                 <login-module-name>BasicPasswordLoginModule</login-module-name>
                 <flag>SUFFICIENT</flag>
                 <options>
                      <option>
                      <!-- The option UserNamePrefix determines that the user name must start with "Admin" -->
                      <name>UserNamePrefix</name>
                      <value>Admin</value>
                      </option>
                 </options>
            </login-module>
       </login-module-stack>
       <security-policy-domain></security-policy-domain>
  </login-module-configuration>
  And I am not sure, if the above mentioned details are enough. My implementation code is as follows:
  try {
            HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
            HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
            request.setAttribute(ILoginConstants.LOGON_UID_ALIAS, this.getUserName());
            request.setAttribute(ILoginConstants.LOGON_PWD_ALIAS, this.getPassword());
            UMFactory.getLogonAuthenticator().logon(request, response, "BasicPasswordLoginModule");
            status = success;
       } catch (Exception e) {
            e.printStackTrace();
            status = e.toString();
  In the NWA i have just configured the UserNamePrefix with Admin, thats all . Since the form login authentication method is already configure with the BasicPasswordLoginModule, I left it untouched.
  I also implemented a custom login module and deployed it but not sure how to use it in my code.
  Please let me know if i am in the rite track. Correct me if i am wrong. At the end of the day i want to use the login screen just to get authenticated. I am also not bothered about the password changing etc.. As the users who are going to use my application are the users in the Identity Management. Few portions of my screen should be allowed to be displayed based on the roles.
  PS: My application is not configured in the portal. Its an independent application deployed on the WAS(CE 7.1).
  Please advice
  Regards
  Abu Bakar

• Custom Login Module Break COTS J2EE Application

  I'm using a custom login module to authenticate users of a COTS J2EE application. The authentication works like a charm, but the COTS app breaks because it uses request.getRemoteUser() to obtain the user name for database lookups.
  When the custom login is in use, request.getRemoteUser() returns "[JAZNUserAdaptor: user=theuser]" instead of simply the user name (this differs from the standard XML provider, which returns only the user name).
  I used the sample login module from the Oracle documentation almost verbatim, the method is included below.
  Does anyone know why getRemoteUser() returns "[JAZNUserAdaptor: user=theuser]" and not just the user name? And how to make it stop doing that?
  Thanks in advance... any input is is greatly appreciated, of course.
       public boolean login() throws LoginException {
                 throw new LoginException("Error: no CallbackHandler available "
                           + "to garner authentication information from the user");
            // Setup default callback handlers.
            Callback[] callbacks = new Callback[] { new NameCallback("Username: "),
                      new PasswordCallback("Password: ", false) };
            try {
                 _callbackHandler.handle(callbacks);
            } catch (Exception e) {
                 _succeeded = false;
                 throw new LoginException(e.getMessage());
            String username = ((NameCallback) callbacks[0]).getName();
            String password = new String(((PasswordCallback) callbacks[1]).getPassword());
            if (isValidUser(username, password)) {
                 _succeeded = true;
                 _password = password.toCharArray();
                 _name = username;
       _authPrincipals = new CMPrincipal[2];
       authPrincipals[0] = new CMPrincipal(name);
       _authPrincipals[1] = new CMPrincipal("SecurityRole");
            ((PasswordCallback) callbacks[1]).clearPassword();
            callbacks[0] = null;
            callbacks[1] = null;
            if (!_succeeded) {
                 System.out.println("login did not succeed... throwing LoginException...");
                 throw new LoginException("Authentication failed: Password does not match");
            return true;
       }

  I know getUserPrincipal().getName() works, but since the J2EE application is a COTS product, I can't change the source code. I'm trying to get the vendor to make that change and release a patch. I was looking for something I might be able to do on my end to get the code to work.
  Thanks for the help.

• J2EE 6.40 Custom Login Module - how to config

  hello all,
  i am using WAS J2EE 6.40 Sneak Preview edition. Read all i can find about custom login module, in the forum and the online help. still confused. pls help.
  here is the background info:
  - i am writing a web app. the EAR file contains 5 ejbs, 1 war and bunch of java classes in jars.
  - access to my web app is protected through url pattern (in web.xml), i've defined the same named security role in web.xml and on j2ee engine.
  - my login module does the user name and password checking. both are stored in database through some other means.
  - login is FORM based
  following the discussion in another thread on the topic, i did the following:
  #1 develop my login module code. packaged it in a jar, then sda file. deploy the sda as a llibrary to the engine.
  #2 add my login module to the security store through the security provider service.
  #3 configure my web app to use the custom login module in web-j2ee-engine.xml
  #4 deploy my web app through the ear file
  at this point, in the visual administrator, i can see the library, the custom login module (added to the UME User Store), and also my web app has authentication set to use the custom login module (under policy configurations tab).
  now i try to login to my web app. it correctly complains when i enter non-existent user or wrong password and brings me to the login failed jsp page. but when i enter both correctly (as stored in my database), i get http 403 error code. i know it is 403 because i set that error code to a special jsp page in web.xml.
  question is why? now i create a user on the j2ee engine with the same name as in my user database. then i can login ok. i am confident that my login module is called since i see the println lines in j2ee engine server logs.
  ??? so i must be missing something obvious. is it because my web app is protected through security-role? i even tried removing all such roles, but still same problem.
  ??? or do i completely mis-understand how custom login modules are supposed to work. i thought it means i can authenticate users any way i want without having to use the j2ee engine's user mgmt. pls tell me if i am totally wrong.
  ??? or maybe my login module code is missing some key stmts. how should it tell the j2ee engine that a user is authenticated? in the login() method, it returns true if user name/passwd match. in the commit() method, it adds the principal to the subject. i don't what else is required.
  does anyone have a working scenario using custom login modules?
  thanks very much for your inputs and thoughts.
  wentao

  Hi Astrid,
  I guess I have the same understanding of JAAS as you. I want to deploy an application that internally makes use of JAAS to authenticate users. There is a LoginModule that authenticates users against some database tables containing all the user data and profile. The application was not designed to be deployed to NetWeaver. So it does not make use of UME or some other NetWeaver specific feature. Actually it handles user management and authoroization issues completely on its own. The only reason for having JAAS is to allow customers to plug in their own LoginModule to use some other kind of user store.
  When deploying the web application to a simple servlet engine like Tomcat, all I have to do is to register my LoginModule in the "jaas.conf" file that is parsed by JAAS default implementation. I also tell the JVM where my jaas.conf file is located by appending a "-Djava..." runtime parameter to the JVM startup script.
  When using other application servers like IBM WebSphere things become a bit different. Normally you use the administration GUI of that server to configure your LoginModules. WebSphere for example keeps the login configuration in an internal database rather than writing everything into a "jaas.conf" text file. But the way the application can use the LoginModule is the same as in Tomcat.
  But when it comes to Netweaver, it seems to me that it's not possible to define a LoginModule that your application can use WITHOUT having to couple it tightly to UME. Or did I get something wrong? Initially I've tried to modify the JVM's parameters (using SAP J2EE Config Tool) to include the location of my "jaas.conf" file containing the my login configuration. But that did not work. The parameter was really passed to the JVM but anyway my LoginModule was not found, I guess that NetWeaver has some own implementation of the JAAS interfaces that just ignore the plain text JAAS configuration files (like WebSphere also does).
  The documentation that I have downloaded from SDN doesn't seem to match the 6.4 sneak preview version that I just downloaded some days ago. They say you should deploy your LoginModule as a library and add a refernce to the application. I tried that out but it did not help. The login configuration that the application wants to access is still not found. Actually there seems to be no way to specify the name for a JAAS Login Configuration in NetWeaver. At least I cound not find that in the documentation.
  So basically my question is: is it possible to deploy an application that wants to use some own LoginModule (either deployed separately or together with the application, that does not matter) without making use of Netweaver specific features like UME? The application has its own user management infrastructure and just needs a way to setup a JAAS Login Configuration to access its own LoginModule.
  Thanks in advance
  Henning

• How to call custom Login Module from JSP

  Hi,
  I am stuck with the following issue:
  1) Exactly as presented in help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm) I created custom login module and deployed it as a library on J2EE server. When I configured it to be used for my applications in the Security provider but I am getting "No user name provided" exception everytime when my applications use this custom login module.
  2) I realized that I would need to call my custom module somewhere within my application (simple JSP) using LoginContext class and then use MyLoginContext.login() spec to initiate login process. But I am not able to pass CallbackHandler parameters from JSP application to my custom login module.
  So I have the following questions:
  1. Can I pass parameters using LoginContext and CallbackHandler from JSP to my custom login module (created as exact copy of HELP.SAP.COM example) or this module cannot be used this way.
  2. How to pass CallbackHandler correctly to my custom login module from JSP. When I am trying to use CallbackHandler, I am getting "Abstract Class cannot be called" error.
  I'd appreciate any little help on this matter.
  Thanks and regards,
  Mike

  You have two alternatives to do this:
  You can declare your JSP as a protected resource with the use of the deployment descriptors of the application (web.xml) and add the custom login module in the authentication stack of the application. This way, you will use container-based authentication, i.e. the Web Container will enforce the authentication and it will call the custom login module before it dispatches to the JSP. I recommend you this approach because it requires less coding and it makes the whole thing a matter of configuration. The configuration can be later on enhanced or changed runtime without the need to re-build and re-deploy the application. If you choose this approach you can go to the documentation of the server for help on how to modify the login module stack of the application.
  You can also use programmatic authentication by using JAAS API. To do this you need to create a custom security policy configuration with login module stack containing the custom login module, and then use the standard JAAS mechanism - new LoginContext(<configuration>, <callback-handler>).login(). This approach requires that you write your own callback handler and handle any LoginException.
  Let us know which approach you prefer and whether you have difficulties implementing it!

• Custom login module with 10.1.3

  Hello all,
  I've been trying out Frank N's custom login module (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm) with JDev 10.1.3/OC4J 10.1.3 and am not having much luck.
  Whenever I add <property name="role.mapping.dynamic" value="true"/> to orion-application.xml, the application fails to deploy with java.lang.InstantiationException. I even get this error when I try to set up a custom login module using the enterprise manager for OC4J 10.1.3. Is this a bug, or does the doc need to be updated? Without this item configured, I do get the basic login prompt, but no logging or anything - which indicates to me that the custom login module is not even being called. Nothing on metalink either.
  Thanks,
  John

  hmm i dont know... custom login module (db authentication) definitely works with standalone 10.1.3.0.0 and jdevloper standalone, but it doesnt work with jdev embeded oc4j (jdevstudio1013\jdev\system\oracle.j2ee.10.1.3.36.73\embedded-oc4j)
  i have the code, and it works.. however the application is entirerly made in jdev 10.1.3.04 production, it is not migrated from previous jdev.. make sure to deploy from war file (i have prob to deploy from ear)
  the only big problem i got is to setup ssl in separate oc4j standalone (ssl works with jdev standalone) and make client athentication to work
  because it wont run as it should.. (i did not have this prob in 10.1.2.1)

• Custom login module - Not invoked...

  Hi All
  I have developed a custom login module and the necessary configuration steps in VA are performed. However, the custom login module is not called...
  1. Developed a Java DC as a Child DC in a Library DC.
  2. Added all the relevant jars needed as Used DC and Public Parts as required. Also updated the provider.xml with relevant references.
  3. Build and Deployed. (No errors found here..)
  4. In VA - Created a new Login Module.... updated the property LoginModuleClassLoaders to library:xyz where xyz is the name of the folder for deployed sda as found in cluster\j2ee\serverx\bin\ext...next updated the config tool for the same.... next modified the sap.com/irj*irj authentication as:
  Basic - Requisite
  CustomModule - Optional.
  Then performed server restart. Yet, login module not called. Any ideas as to where I am going wrong..?? (In my login module, just trying to retrieve the user name and change their attributes like lastname etc... )
  Thanks
  Deepak

  Issue solved....
  Had forgot to add the module to the ticket stack...

• Custom Login Module - ClassNotFound

  Hello all
  I developed a custom login module following the instructions I found here: http://help.sap.com/saphelp_nw04/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
  The general purpose of my module is to "filter" the username and look for (using the UMFactory) the corresponding uniqueUserID.
  The problem is that my LoginModule cannot be loaded due to "ClassNotFound" Error which I see in the defaultTrace.
  My steps were:
  1. Create my LoginModuleImplementation
  2. Create a Library as stated in the tutorial. Additionally I added some more references to the Library (Logging, webservices_lib) and successfully deplyed it to the J2EE-Server. I can see the file in one folder (...../j2ee/cluster/server0/bin/ext/MyModuleLib/MyModule.jar) so I think it's been correctly deployed.
  3. I configured its usage in the securtiy provider-UserManagementPolicies and with security provider-policy-ticket.
  4. I also ran the configtool to added it to the ClassLoader property there
  I double- no, fourth-checked everything and it's spelled correctly and exactly (case-sensitive) as in NWDS.
  So, do you have any idea please?
  By the way: Do you know where I can set the Severity-Level for the LoginModul-Stack, so I get more informational messages?
  Regards
  Michael

  Hi,
  The problem was solved by using the name customer.com~com.customer.portal.login.IPRuleLibrary for the library (so basically look at the name of your library folder under cluster\j2ee\serverx\bin\ext , not the name reported by visual admin).
  Also I was able to modify the properties of the login module runtime, which made me very happy
  Dagfinn

• RFC Call in a custom login module

  Hi All,
  What is the best way to call a RFC/BAPI from a Custom Login Module, part of the login stacks?
  I want to avoid using JCo Client Service, do not want to hard code the connection values in the class.
  Have anyone of you come across such a situation?
  Can the custom login module access the Portal Runtime resources, like the Connector Gateway Service/Destination Service?
  Or it just runs inside the j2EE container?
  Thanks for your help
  Aakash
  Edited by: Aakash Jain on Nov 24, 2008 11:42 PM

  Hi All,
  What is the best way to call a RFC/BAPI from a Custom Login Module, part of the login stacks?
  I want to avoid using JCo Client Service, do not want to hard code the connection values in the class.
  Have anyone of you come across such a situation?
  Can the custom login module access the Portal Runtime resources, like the Connector Gateway Service/Destination Service?
  Or it just runs inside the j2EE container?
  Thanks for your help
  Aakash
  Edited by: Aakash Jain on Nov 24, 2008 11:42 PM

• Custom Login Module, SSO Ticket validity & Login Module Stack

  Hi everybody,
  we have a portal (running on jboss) which links to a J2EE web application (running on SAP WAS 6.40) which itself is protected by a custom login module and redirects to different WebDynpro applications (running on same WAS as the J2EE app) depending on some parameters.
  So when we go from the portal to the J2EE web application, the custom login module authenticates the user, creates a MYSAPSSO2 Cookie and then redirects to a webdynpro app.
  What happens is that the webdynpro app doesn't accept the cookie and redirects to the login mask.
  Looking at the request header parameter HOST we have the request coming from sub1.sub2.mycompany.com, which is the portal.
  The WAS is located on sub3.mycompany.com.
  If we manipulate the HOST parameter to sub2.mycompany.com everything works fine and the webdynpro app successfully authenticates the user.
  This does sound either like a domain relaxing issue or a multi domain issue, which we added as parameters to the CreateTicketLoginModule in the Login Module Stack for the J2EE web app.
  Unfortunately without result.
  Did anybody have a similar problem and can give some hints on how to solve this?
  Any help is appreciated
  Regards,
  md
  Edited by: Minh-Duc Truong on Jul 17, 2008 7:18 PM
  Edited by: Minh-Duc Truong on Jul 17, 2008 7:19 PM
  Edited by: Julius Bussche on Jul 18, 2008 7:25 PM

  Hi md,
  I have split your 2nd question into a seperate thread => That would make them easier to answer as well, which will help.
  You can find it here: Custom Login Module, LM Stack ignored
  Cheers,
  Julius
  Edited by: Julius Bussche on Jul 18, 2008 7:26 PM

• Custom Login Module - all modules ignored

  Hello,
  we created a custom login module and deployed it as library to the server. We than configured the login module as described in the SAP manual:
  http://help.sap.com/saphelp_nw70/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm
  First we had a little problem with the library path. The security log has a nice overview what login stack and what modules where called, for our module it stated u201CCannot load login module class u2026.u201D
  After reading the forum, we found that our login module path was wrong, we only added the class name as described in the tutorial. Correct was to use the library name from Visual Admin.
  But now, if we call the portal, the security log is just empty. It seems no stack and no module is called at all. If we remove our custom module from the ticket stack, everything is fine and we get an entry in the security log with the ticket stack and all remaining modules.
  If we add the custom login module to the stack again and enter username and password we get an error message that all modules are ignored.
  Does anybody know this error and maybe what to do?
  Best regards,
  Kai

  Hi Kai,
  have you solved your problem?
  Currently we are facing a similar Problem.
  We have a custom login module. I deployed everything like in the tutorial. There should be no Problem with the login module itself, as it is an exact copy of a working one. Class names are the same. The only difference is in package names, project names, library names. I adjusted the classloader to the new library and also adjusted the classname in the user store where the login module is configured.The login module is part of the "ticket" authentication stack.
  When we want to log on to the portal, we get an error like "all modules ignored".
  Maybe you have found a solution which is also suitable for our problem.
  Thanks
  Regards
  Pascal

• Custom Login Module Called by WebLogic

  I have managed to write and deploy a custom login module that works just fine with
  other app servers (except WebLogic). I am using WebLogic 6.1 with sp2. When WebLogic
  starts up, it seems to be calling my custom login module with a user of "system".
  I then get the following exception:
  Authentication Failed: Unexpected Exception, weblogic.security.acl.DefaultUserInfoImpl
  java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
  <<no stack trace available>>
  I have updated the Server.policy file to only point to my custom login module, WebLogic's
  system path points to the JAR with my login module and I can see the module get called.
  Any advice as to what WebLogic is doing here. This behavior does not seem to be
  compliant with the JAAS spec. Here is a snippet of my login method:
  public boolean login() throws LoginException {
  if (callbackHandler == null)
  throw new LoginException("Error: blah blah");
  Callback[] callbacks = new Callback[2];
  callbacks[0] = new NameCallback(USER);
  callbacks[1] = new PasswordCallback(PWD, false);
  try {
  callbackHandler.handle(callbacks);
  username = ((NameCallback)callbacks[USERCALLBACK]).getName();
  char[] tmpPassword = ((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
  if (tmpPassword == null) {
  tmpPassword = new char[0];
  password = new String(tmpPassword);
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Authenticate.authenticate(env, subject);
  return verifyCredentials();
  } catch (java.io.IOException ioe) {
  throw new LoginException(ioe.toString());
  } catch (UnsupportedCallbackException uce) {
  throw new LoginException("Error: " + uce.getCallback().toString()
  + " not available");

  Weblogic 6.x does not support replaceable server side login modules and only
  supports login modules on the client.
  <[email protected]> wrote in message
  news:3cf36c98$[email protected]..
  >
  I have managed to write and deploy a custom login module that works justfine with
  other app servers (except WebLogic). I am using WebLogic 6.1 with sp2.When WebLogic
  starts up, it seems to be calling my custom login module with a user of"system".
  I then get the following exception:
  Authentication Failed: Unexpected Exception,weblogic.security.acl.DefaultUserInfoImpl
  java.lang.ClassCastException: weblogic.security.acl.DefaultUserInfoImpl
  <<no stack trace available>>
  I have updated the Server.policy file to only point to my custom loginmodule, WebLogic's
  system path points to the JAR with my login module and I can see themodule get called.
  Any advice as to what WebLogic is doing here. This behavior does notseem to be
  compliant with the JAAS spec. Here is a snippet of my login method:
  public boolean login() throws LoginException {
  if (callbackHandler == null)
  throw new LoginException("Error: blah blah");
  Callback[] callbacks = new Callback[2];
  callbacks[0] = new NameCallback(USER);
  callbacks[1] = new PasswordCallback(PWD, false);
  try {
  callbackHandler.handle(callbacks);
  username = ((NameCallback)callbacks[USERCALLBACK]).getName();
  char[] tmpPassword =((PasswordCallback)callbacks[PWDCALLBACK]).getPassword();
  >
  if (tmpPassword == null) {
  tmpPassword = new char[0];
  password = new String(tmpPassword);
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Authenticate.authenticate(env, subject);
  return verifyCredentials();
  } catch (java.io.IOException ioe) {
  throw new LoginException(ioe.toString());
  } catch (UnsupportedCallbackException uce) {
  throw new LoginException("Error: " +uce.getCallback().toString()
  + " not available");

• Netweaver04 : Custom Login Module . Visual Admin : class not found

  Hi all ,
  using the Sneak Preview of Netweaver04 and Portal .
  Coded a Custom Login Module via the TechEd04 example and deployed it to the portal with security_api.jar attached ...works great .
  BUT when I try to login to the Visual Admin tool it cannot find the JARS I have put in admin/lib and I get a NoClassDefFound error on a class in security_api.jar .
  How do I  get the Visual Admin tool to find that JAR ?
  Regards
  Daniel

  Hi Daniel,
  sounds like a reference is missing.
  Check this:
  http://help.sap.com/saphelp_nw04/helpdata/en/2b/23e4407211732ae10000000a155106/frameset.htm
  Regards, Karsten

• Debugging custom login module

  Hi,
  We have implemented custom login module, all the required steps are done in VA and Configtool. What is the better way to debug custom login module? Please advise.
  Thanks,
  Dileep

  Hi Vijay,
  I already deployed my login module. I am not getting any error, it lets me login without any problems. I want to debug this and add more logic to it based on debug results.
  FYI for all, this is not logon par file, this is custom login module implemented as outlined in this link, http://help.sap.com/saphelp_nw70/helpdata/en/2b/65fa40ee14f26fe10000000a1550b0/content.htm
  Thanks,
  Dileep

• Custom Login Module and failover

  I'm trying to figure out how to handle authentication when failover from one OC4J to another occurs. I have a custom login module using the example provided by Frank Nimphius (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm)
  I see different results for this "external" custom login module than for either JAZN file store or for the built-in DBTableOraDataSourceLoginModule that comes with OC4J and am wondering why.
  Scenario 1 - File authentication using JAZN file store
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 2 - Custom login module using DB store through the OC4J built-in DBTableOraDataSourceLoginModule
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 3 (problematic scenario) - Custom login module using DB store through an external login module (not in OC4J). I used the DBTableOraDataSourceLoginModule from Frank
  Nimphius with no modifications for this test.
  Results: Failover works. But when failover occurs, the login page is displayed and the user has to login again. Question: Why doesn't failover also cover the authentication as in the previous 2 scenarios?
  Note: I tried to fix this by adding Java_sso. This does appear to take care of having to log in a second time but raises new issues. One is that authentication is called for every request. Then after the failover occurs, I see a log message indicating the login module aborted but authentication appears to succeed regardless.

  I'm trying to figure out how to handle authentication when failover from one OC4J to another occurs. I have a custom login module using the example provided by Frank Nimphius (http://www.oracle.com/technology/products/jdev/howtos/10g/jaassec/index.htm)
  I see different results for this "external" custom login module than for either JAZN file store or for the built-in DBTableOraDataSourceLoginModule that comes with OC4J and am wondering why.
  Scenario 1 - File authentication using JAZN file store
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 2 - Custom login module using DB store through the OC4J built-in DBTableOraDataSourceLoginModule
  Results: Works well.
  Failover works and when failover occurs, the login page is not displayed. (no 2nd login is required).
  Scenario 3 (problematic scenario) - Custom login module using DB store through an external login module (not in OC4J). I used the DBTableOraDataSourceLoginModule from Frank
  Nimphius with no modifications for this test.
  Results: Failover works. But when failover occurs, the login page is displayed and the user has to login again. Question: Why doesn't failover also cover the authentication as in the previous 2 scenarios?
  Note: I tried to fix this by adding Java_sso. This does appear to take care of having to log in a second time but raises new issues. One is that authentication is called for every request. Then after the failover occurs, I see a log message indicating the login module aborted but authentication appears to succeed regardless.