0 votes

I have a multi-tenant Java EE application which I am running on WildFly. For authentication I have a custom LoginModule configured in my security-domain configuration.

I am facing a couple of issues.

Scenario 1: cache-type set to default

  1. User with name "foo" logs in for tenant1. In this case the LoginModule's login method is invoked.
  2. User with name "foo" logs in for tenant2. In this case the LoginModule's login method is NOT invoked.

This is a big problem because now the tenant2 user is logged in essentially as a tenant1 user and has similar privileges.

Scenario 2: cache-type not set

In this scenario things work properly as far as the end user is concerned. However, there is a problem: for every request that is made, the LoginModule.login method is now invoked.

My question is: what is the proper way to set up authentication on WildFly for a multi-tenant application?

1 Answer

0 votes

Personally I'd set cache-type to default, but force a logout for the user before he tries to log in again.
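
The following is an added illustration, not part of the original question or answer and not WildFly's own code. It simulates an authentication cache under the assumption that the lookup key is the bare user name, as the behaviour in Scenario 1 suggests, and contrasts it with a tenant-qualified key; `Identity`, `login` and `authenticate` are hypothetical stand-ins.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.BiFunction;

// Simulation only: a stand-in for an authentication cache, not WildFly's implementation.
public class TenantCacheDemo {
    // Hypothetical authenticated identity produced by a login module.
    record Identity(String tenant, String user) {}

    static int loginCalls = 0;

    // Stand-in for LoginModule.login(): the authoritative (and expensive) check.
    static Identity login(String tenant, String user) {
        loginCalls++;
        return new Identity(tenant, user);
    }

    // Authenticate through a cache; keyFn decides what makes two logins "the same".
    static Identity authenticate(Map<String, Identity> cache,
                                 BiFunction<String, String, String> keyFn,
                                 String tenant, String user) {
        return cache.computeIfAbsent(keyFn.apply(tenant, user), k -> login(tenant, user));
    }

    public static void main(String[] args) {
        // Assumed cause of Scenario 1: the cache key is the user name alone.
        Map<String, Identity> byName = new HashMap<>();
        BiFunction<String, String, String> nameOnly = (t, u) -> u;
        authenticate(byName, nameOnly, "tenant1", "foo");
        // tenant2's "foo" hits tenant1's entry: login is skipped, wrong identity returned.
        Identity second = authenticate(byName, nameOnly, "tenant2", "foo");
        System.out.println("name-only key   -> " + second + ", login calls: " + loginCalls);

        // Tenant-qualified key: each tenant's "foo" gets its own cache entry.
        // NUL separator avoids ambiguity between ("a:b","c") and ("a","b:c").
        loginCalls = 0;
        Map<String, Identity> byTenant = new HashMap<>();
        BiFunction<String, String, String> qualified = (t, u) -> t + "\0" + u;
        authenticate(byTenant, qualified, "tenant1", "foo");
        second = authenticate(byTenant, qualified, "tenant2", "foo");
        // A repeat request for the same tenant and user is still served from the cache.
        authenticate(byTenant, qualified, "tenant2", "foo");
        System.out.println("tenant+name key -> " + second + ", login calls: " + loginCalls);
    }
}
```

Requires Java 16 or later for `record`. In the simulation, the tenant-qualified key keeps the caching benefit missing from Scenario 2 while preventing the cross-tenant hit seen in Scenario 1.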