1 Reply Latest reply on Sep 14, 2005 6:26 PM by mickknutson

    PLEASE Help mapping roles in JBoss like WAS 5.1

    mickknutson

      I am trying to get my security module to map roles the way WAS 5.1 does with the ibm_application-bnd.xmi file below. WebSphere seems to map role01 to a role called "cn=FFv1::01Find Customer::Simple Search,o=blackhawk". Without the mapping, WAS does not like, or understand, the comma and equals signs. Hence the need for a mapping: LDAP sends back "cn=FFv1::01Find Customer::Simple Search,o=blackhawk", not "role01".


      ibm_application-bnd.xmi:

      <?xml version="1.0" encoding="UTF-8"?>
      <!--
        WebSphere application binding. Each <authorizations> entry pairs one J2EE
        security role with one LDAP group:
          <role href>    fragment id of a <security-role> in META-INF/application.xml
          <groups name>  distinguished name of the LDAP group, written in mixed case
        The 22 entries correspond to role01 to role22 through the SecurityRole ids
        declared in application.xml. This table is the only place on this page where
        a group DN is tied to a role, so when the mapping is ported to another
        container each pair should be checked one by one: a wrong pairing grants the
        role of a different function without any error.
      -->
      <com.ibm.ejs.models.base.bindings.applicationbnd:ApplicationBinding
          xmi:version="2.0"
          xmlns:xmi="http://www.omg.org/XMI"
          xmlns:com.ibm.ejs.models.base.bindings.applicationbnd="applicationbnd.xmi"
          xmi:id="ApplicationBinding_1126576842118">
        <authorizationTable xmi:id="AuthorizationTable_1126576842118">
          <authorizations xmi:id="RoleAssignment_1126576842118">
            <role href="META-INF/application.xml#SecurityRole_1126576842103"/>
            <groups xmi:id="Group_1126576842118" name="cn=FFv1::01Find Customer::Simple Search,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842119">
            <role href="META-INF/application.xml#SecurityRole_1126576842104"/>
            <groups xmi:id="Group_1126576842119" name="cn=FFv1::02Research Customer::Advanced Search,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842134">
            <role href="META-INF/application.xml#SecurityRole_1126576842105"/>
            <groups xmi:id="Group_1126576842134" name="cn=FFv1::03Customer Detail::Update Customer Info -All,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842135">
            <role href="META-INF/application.xml#SecurityRole_1126576842106"/>
            <groups xmi:id="Group_1126576842135" name="cn=FFv1::04Customer Detail::Update Customer Info -Selected,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842136">
            <role href="META-INF/application.xml#SecurityRole_1126576842107"/>
            <groups xmi:id="Group_1126576842136" name="cn=FFv1::05Customer Detail::Terminate Account,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842137">
            <role href="META-INF/application.xml#SecurityRole_1126576842108"/>
            <groups xmi:id="Group_1126576842137" name="cn=FFv1::06Customer Detail::Create Enrollment,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842138">
            <role href="META-INF/application.xml#SecurityRole_1126576842109"/>
            <groups xmi:id="Group_1126576842138" name="cn=FFv1::07Customer Detail::Block Account,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842139">
            <role href="META-INF/application.xml#SecurityRole_1126576842110"/>
            <groups xmi:id="Group_1126576842139" name="cn=FFv1::08Customer Detail::Unblock Account,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842140">
            <role href="META-INF/application.xml#SecurityRole_1126576842111"/>
            <groups xmi:id="Group_1126576842140" name="cn=FFv1::09Customer Detail::Add Comments,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842141">
            <role href="META-INF/application.xml#SecurityRole_1126576842112"/>
            <groups xmi:id="Group_1126576842141" name="cn=FFv1::10Customer Detail::View Contents,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842142">
            <role href="META-INF/application.xml#SecurityRole_1126576842113"/>
            <groups xmi:id="Group_1126576842142" name="cn=FFv1::11ACH Adjustments::ACH Adjustments,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842143">
            <role href="META-INF/application.xml#SecurityRole_1126576842114"/>
            <groups xmi:id="Group_1126576842143" name="cn=FFv1::12Velocity::Velocity Limits - Create,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842144">
            <role href="META-INF/application.xml#SecurityRole_1126576842118"/>
            <groups xmi:id="Group_1126576842144" name="cn=FFv1::13Velocity::Velocity Limits - View,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842145">
            <role href="META-INF/application.xml#SecurityRole_1126576842119"/>
            <groups xmi:id="Group_1126576842145" name="cn=FFv1::14Database Changes::Account History,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842146">
            <role href="META-INF/application.xml#SecurityRole_1126576842120"/>
            <groups xmi:id="Group_1126576842149" name="cn=FFv1::15Recent Transaction::Transaction History - Recent,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842149">
            <role href="META-INF/application.xml#SecurityRole_1126576842121"/>
            <groups xmi:id="Group_1126576842150" name="cn=FFv1::16Historical Transactions::Transaction History - Historical,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842150">
            <role href="META-INF/application.xml#SecurityRole_1126576842122"/>
            <groups xmi:id="Group_1126576842151" name="cn=FFv1::17Reports::Reports,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842151">
            <role href="META-INF/application.xml#SecurityRole_1126576842123"/>
            <groups xmi:id="Group_1126576842152" name="cn=FFv1::18Administrative::User Acct Creation,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842152">
            <role href="META-INF/application.xml#SecurityRole_1126576842124"/>
            <groups xmi:id="Group_1126576842153" name="cn=FFv1::19Administrative::User Acct Maint,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842153">
            <role href="META-INF/application.xml#SecurityRole_1126576842125"/>
            <groups xmi:id="Group_1126576842154" name="cn=FFv1::20Administrative::Password Delete,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842154">
            <role href="META-INF/application.xml#SecurityRole_1126576842126"/>
            <groups xmi:id="Group_1126576842155" name="cn=FFv1::21Administrative::Disable User Acct,o=blackhawk"/>
          </authorizations>
          <authorizations xmi:id="RoleAssignment_1126576842155">
            <role href="META-INF/application.xml#SecurityRole_1126576842127"/>
            <groups xmi:id="Group_1126576842156" name="cn=FFv1::22Administrative::Password Reset Delegation,o=blackhawk"/>
          </authorizations>
        </authorizationTable>
        <!-- Points back at the <application> element this binding belongs to. -->
        <application href="META-INF/application.xml#Application_1120149750822"/>
      </com.ibm.ejs.models.base.bindings.applicationbnd:ApplicationBinding>
      
      


      web.xml excerpt:

      
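       <!--
         Protects every *.do URL: the caller must be authenticated and hold at least
         one of role01 to role22. Because all 22 roles sit on the same constraint,
         holding any single role opens every *.do URL. This constraint alone does not
         separate, for example, a search role from an account administration role, so
         per-function checks have to live elsewhere (further constraints with narrower
         url-patterns, or isUserInRole() checks in the application code).
       -->
       <security-constraint>
         <web-resource-collection>
           <web-resource-name>bhffApplication</web-resource-name>
           <description>Require users to authenticate</description>
           <url-pattern>*.do</url-pattern>
           <!--
             No <http-method> elements on purpose. A collection that lists methods
             constrains only those methods, so listing just POST and GET would leave
             the remaining HTTP methods on *.do outside this constraint. With none
             listed, the constraint applies to every method.
           -->
         </web-resource-collection>

         <auth-constraint>
           <description>User constraint</description>
           <role-name>role01</role-name>
           <role-name>role02</role-name>
           <role-name>role03</role-name>
           <role-name>role04</role-name>
           <role-name>role05</role-name>
           <role-name>role06</role-name>
           <role-name>role07</role-name>
           <role-name>role08</role-name>
           <role-name>role09</role-name>
           <role-name>role10</role-name>
           <role-name>role11</role-name>
           <role-name>role12</role-name>
           <role-name>role13</role-name>
           <role-name>role14</role-name>
           <role-name>role15</role-name>
           <role-name>role16</role-name>
           <role-name>role17</role-name>
           <role-name>role18</role-name>
           <role-name>role19</role-name>
           <role-name>role20</role-name>
           <role-name>role21</role-name>
           <role-name>role22</role-name>
         </auth-constraint>
         <user-data-constraint>
           <description>Encryption is not forced by application at this point.</description>
           <!--
             NONE: the container accepts plain HTTP for these URLs. The FORM login
             declared in this descriptor then sends the password, and afterwards the
             session cookie, without transport protection unless TLS is enforced in
             front of the application. Switch to CONFIDENTIAL once an HTTPS connector
             is available.
           -->
           <transport-guarantee>NONE</transport-guarantee>
         </user-data-constraint>
       </security-constraint>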
      
       <!--
         Form-based login: /logon.jsp collects the credentials and /logonError.jsp is
         shown when authentication fails. Whether the submitted credentials travel
         encrypted depends on the transport-guarantee of the security constraint,
         which this excerpt sets to NONE.
       -->
       <login-config>
         <auth-method>FORM</auth-method>
         <form-login-config>
           <form-login-page>/logon.jsp</form-login-page>
           <form-error-page>/logonError.jsp</form-error-page>
         </form-login-config>
       </login-config>
      
       <!--
         Declares the 22 logical roles used by the auth-constraint of this descriptor.
         Only <role-name> is a role identifier. <description> is free text: here it
         records, in lower case, the DN of the LDAP group the role is meant to stand
         for, but nothing in this file ties that DN to the role name.
       -->
       <security-role>
         <description>cn=ffv1::01find customer::simple search,o=blackhawk</description>
         <role-name>role01</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::02research customer::advanced search,o=blackhawk</description>
         <role-name>role02</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::03customer detail::update customer info -all,o=blackhawk</description>
         <role-name>role03</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::04customer detail::update customer info -selected,o=blackhawk</description>
         <role-name>role04</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::05customer detail::terminate account,o=blackhawk</description>
         <role-name>role05</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::06customer detail::create enrollment,o=blackhawk</description>
         <role-name>role06</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::07customer detail::block account,o=blackhawk</description>
         <role-name>role07</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::08customer detail::unblock account,o=blackhawk</description>
         <role-name>role08</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::09customer detail::add comments,o=blackhawk</description>
         <role-name>role09</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::10customer detail::view contents,o=blackhawk</description>
         <role-name>role10</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::11ach adjustments::ach adjustments,o=blackhawk</description>
         <role-name>role11</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::12velocity::velocity limits - create,o=blackhawk</description>
         <role-name>role12</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::13velocity::velocity limits - view,o=blackhawk</description>
         <role-name>role13</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::14database changes::account history,o=blackhawk</description>
         <role-name>role14</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::15recent transaction::transaction history - recent,o=blackhawk</description>
         <role-name>role15</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::16historical transactions::transaction history - historical,o=blackhawk</description>
         <role-name>role16</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::17reports::reports,o=blackhawk</description>
         <role-name>role17</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::18administrative::user acct creation,o=blackhawk</description>
         <role-name>role18</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::19administrative::user acct maint,o=blackhawk</description>
         <role-name>role19</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::20administrative::password delete,o=blackhawk</description>
         <role-name>role20</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::21administrative::disable user acct,o=blackhawk</description>
         <role-name>role21</role-name>
       </security-role>
       <security-role>
         <description>cn=ffv1::22administrative::password reset delegation,o=blackhawk</description>
         <role-name>role22</role-name>
       </security-role>
      
      


      application.xml:
      
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
      
       <!--
         EAR descriptor: one web module (fastforwardWeb-1.1.11.war, served under
         /fastforward) and the 22 application-level security roles. The id attribute
         of each <security-role> is the anchor that the role href entries in
         ibm_application-bnd.xmi point at, so the ids must stay in step with that
         file. <description> is free text that repeats the LDAP group DN in lower
         case; only <role-name> identifies the role.
       -->
       <application id="Application_1120149750822">
         <display-name>Fastforward</display-name>
         <module id="WebModule_1120149438148">
           <web>
             <web-uri>fastforwardWeb-1.1.11.war</web-uri>
             <context-root>/fastforward</context-root>
           </web>
         </module>
         <security-role id="SecurityRole_1126576842103">
           <description>cn=ffv1::01find customer::simple search,o=blackhawk</description>
           <role-name>role01</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842104">
           <description>cn=ffv1::02research customer::advanced search,o=blackhawk</description>
           <role-name>role02</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842105">
           <description>cn=ffv1::03customer detail::update customer info -all,o=blackhawk</description>
           <role-name>role03</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842106">
           <description>cn=ffv1::04customer detail::update customer info -selected,o=blackhawk</description>
           <role-name>role04</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842107">
           <description>cn=ffv1::05customer detail::terminate account,o=blackhawk</description>
           <role-name>role05</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842108">
           <description>cn=ffv1::06customer detail::create enrollment,o=blackhawk</description>
           <role-name>role06</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842109">
           <description>cn=ffv1::07customer detail::block account,o=blackhawk</description>
           <role-name>role07</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842110">
           <description>cn=ffv1::08customer detail::unblock account,o=blackhawk</description>
           <role-name>role08</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842111">
           <description>cn=ffv1::09customer detail::add comments,o=blackhawk</description>
           <role-name>role09</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842112">
           <description>cn=ffv1::10customer detail::view contents,o=blackhawk</description>
           <role-name>role10</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842113">
           <description>cn=ffv1::11ach adjustments::ach adjustments,o=blackhawk</description>
           <role-name>role11</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842114">
           <description>cn=ffv1::12velocity::velocity limits - create,o=blackhawk</description>
           <role-name>role12</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842118">
           <description>cn=ffv1::13velocity::velocity limits - view,o=blackhawk</description>
           <role-name>role13</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842119">
           <description>cn=ffv1::14database changes::account history,o=blackhawk</description>
           <role-name>role14</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842120">
           <description>cn=ffv1::15recent transaction::transaction history - recent,o=blackhawk</description>
           <role-name>role15</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842121">
           <description>cn=ffv1::16historical transactions::transaction history - historical,o=blackhawk</description>
           <role-name>role16</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842122">
           <description>cn=ffv1::17reports::reports,o=blackhawk</description>
           <role-name>role17</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842123">
           <description>cn=ffv1::18administrative::user acct creation,o=blackhawk</description>
           <role-name>role18</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842124">
           <description>cn=ffv1::19administrative::user acct maint,o=blackhawk</description>
           <role-name>role19</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842125">
           <description>cn=ffv1::20administrative::password delete,o=blackhawk</description>
           <role-name>role20</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842126">
           <description>cn=ffv1::21administrative::disable user acct,o=blackhawk</description>
           <role-name>role21</role-name>
         </security-role>
         <security-role id="SecurityRole_1126576842127">
           <description>cn=ffv1::22administrative::password reset delegation,o=blackhawk</description>
           <role-name>role22</role-name>
         </security-role>
       </application>
      
      


      jboss-web.xml
      <?xml version="1.0" encoding="UTF-8"?>
      
      <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
      
      <!--
        JBoss-specific settings for the web module: a datasource reference, the
        context root and the security domain. This version of the file contains no
        role mapping; it only names the JAAS domain that authenticates callers.
      -->
      <jboss-web>

        <!--
        <ejb-local-ref>
          <ejb-ref-name>local/ConsumerManagerLocal</ejb-ref-name>
          <local-jndi-name>local/ConsumerManagerLocal</local-jndi-name>
        </ejb-local-ref>
        -->

        <!-- Binds the jdbc/bhffds resource reference to the JNDI name java:jdbc/bhffds. -->
        <resource-ref>
          <res-ref-name>jdbc/bhffds</res-ref-name>
          <jndi-name>java:jdbc/bhffds</jndi-name>
        </resource-ref>

        <context-root>fastforward</context-root>
        <!--
          NOTE(review): the roles the container compares with role01 to role22 are
          presumably whatever the login modules of this domain put on the
          authenticated subject. That login module configuration is not shown on this
          page, so it is the first place to check how LDAP group DNs become role
          names.
        -->
        <security-domain>java:/jaas/ldap-security</security-domain>
      </jboss-web>
      


        • 1. URGENT Re: PLEASE Help mapping roles in JBoss like WAS 5.1
          mickknutson

          I have added the following to my jboss-web.xml, but it still does not work:

          <!--
            Attempted mapping of two principals to role01 and role02.
            NOTE(review): the principal-name values differ from the group DNs in the
            WebSphere binding earlier on this page. The last segment reads
            "Find Customer" and "Research Customer" here but "Simple Search" and
            "Advanced Search" there, and there is a space after the comma before
            o=blackhawk. If names are compared as plain strings, neither entry
            matches the DN the first post says LDAP returns. Also verify the element
            order and the meaning of security-role against the jboss-web_4_0.dtd
            named in the DOCTYPE of this file.
          -->
          <security-role>
            <principal-name>cn=FFv1::01Find Customer::Find Customer, o=blackhawk</principal-name>
            <role-name>role01</role-name>
          </security-role>
          <security-role>
            <principal-name>cn=FFv1::02Research Customer::Research Customer, o=blackhawk</principal-name>
            <role-name>role02</role-name>
          </security-role>


          I have a JSP in which the following expression prints -no- every time:

          <%-- Prints YES when the container reports the current caller as being in role01, otherwise -no-. --%>
          <%= request.isUserInRole("role01") ? "YES" : "-no-" %>



          How can I map/alias:
          cn=FFv1::02Research Customer::Research Customer, o=blackhawk

          to:
          role01

          ??????????????????