Version 2

    RoleMappingLoginModule

    Fully Qualified Name: org.jboss.security.auth.spi.RoleMappingLoginModule

    JIRA Issue: http://jira.jboss.com/jira/browse/JBAS-3323

    Releases: JBoss 3.2.8.SP2, JBoss 4.0.5, JBoss 5.0.0 onwards


    Description

    Users would like to map the roles that are the end result of the authentication process to one or more declarative roles. For example, if the authentication process has determined that the user "jduke" has the roles ldapAdmin and testAdmin, while the declarative role that web.xml or ejb-jar.xml requires for access is "admin", this login module can be used to map the former onto the latter.


    Usage

    This module needs to be added as an "optional" module in the JAAS configuration, after the login module that actually authenticates the user (as in the example below). Because the flag is "optional", a failure in this module (for example a properties file that cannot be found) does not change the outcome of the login; the roles are then simply left unmapped.


    <application-policy name="jmx-console">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag="required">
          <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
          <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule"
          flag="optional">
          <module-option name="rolesProperties">props/rolesMapping-roles.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>


    Module Options

    The module options that can be passed are as follows:

    • rolesProperties: the name of a properties file that can be located via the classloader, or an absolute location given as a java.net.URL (e.g. file:/rolesMap.properties).

    • replaceRole: by default this module adds the mapped roles to the authenticated subject and keeps the key role. Pass "true" if the key role should instead be replaced by the mapped roles.


    Example of Properties file

    Role3=testRole,testRole2

    If the authenticated subject has the role "Role3", the roles "testRole" and "testRole2" will be added to the subject. If the module option replaceRole has been set to "true", "Role3" will also be removed from the subject.
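The mapping rules described above, written out as an added Python simulation (this is not JBoss code). It assumes a single mapping pass over the subject's roles with no chaining of mapped roles, and a properties file in the key=value,value form shown above; the sample file content is constructed.

```python
"""Simulation of the RoleMappingLoginModule role-mapping rules.

Added example, not JBoss code. Assumptions: one mapping pass only (mapped
roles are not themselves mapped again) and '=' separated key/value lines.
"""
from typing import Dict, Set

# Constructed sample of a rolesMapping-roles.properties file.
ROLES_MAPPING_PROPERTIES = """
# comment lines are ignored
Role3=testRole,testRole2
ldapAdmin = admin
"""


def parse_role_mapping(text: str) -> Dict[str, Set[str]]:
    """Parse 'keyRole=mapped,roles' lines into {key_role: {mapped roles}}."""
    mapping: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # a bare key maps to nothing; skip it
        mapped = {r.strip() for r in value.split(",") if r.strip()}
        mapping[key.strip()] = mapped
    return mapping


def map_roles(subject_roles: Set[str], mapping: Dict[str, Set[str]],
              replace_role: bool = False) -> Set[str]:
    """Apply the mapping to the roles the earlier login modules assigned.

    replace_role=False (default): mapped roles are added, key roles stay,
    so the subject only ever gains roles.
    replace_role=True: each key role that matched is removed after mapping.
    """
    result = set(subject_roles)
    for key_role in subject_roles:
        mapped = mapping.get(key_role)
        if mapped is None:
            continue  # role has no mapping entry; left untouched
        result |= mapped
        if replace_role:
            result.discard(key_role)
    return result
```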