-
1. Re: Get list of users/roles no matter what JAAS security mod
starksm64 Oct 28, 2005 11:00 AM (in response to cmiles123)
All that currently exists is the getAuthenticationCachePrincipals op of the "jboss.security:service=JaasSecurityManager" mbean:

    /** The list of active Principals for the given security domain
     * @param securityDomain - the security-domain name
     * @return List<Principals> of active users, may be null.
     */
    List getAuthenticationCachePrincipals(String securityDomain);
-
2. Re: Get list of users/roles no matter what JAAS security mod
cmiles123 Oct 28, 2005 11:07 AM (in response to cmiles123)
Thank you for your reply...
Yes, I saw this and the other methods on the SecurityManager.
Regarding this method, is this just a list of everyone that happens to have logged in, or does this actually return ALL the users in the Security implementation? So for example, if I'm hooked up to LDAP and I have 500 users defined, but only 2 have logged in, does this return all 500 or just the 2?
Thanks
-
3. Re: Get list of users/roles no matter what JAAS security mod
starksm64 Oct 28, 2005 12:45 PM (in response to cmiles123)
Only logged in as there is no way in general to query the security domain state as this is not a feature of JAAS.
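
Added example, not part of the original thread or JBoss code: invoking the operation named in replies 1 and 3 through JMX and treating a null result as an empty list. The `CacheView` interface and the registered stand-in MBean with its sample principals are constructed here so the code runs without a server; against a real instance, pass the server's own MBeanServer.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class ActivePrincipals {
    // Stand-in for the real MBean, exposing only the operation quoted in the thread.
    public interface CacheView {
        List<String> getAuthenticationCachePrincipals(String securityDomain);
    }

    static final String MBEAN = "jboss.security:service=JaasSecurityManager";

    // Invoke the op by name, as any JMX client would, and normalise a null result.
    static List<String> activeUsers(MBeanServer server, String domain) throws Exception {
        Object result = server.invoke(new ObjectName(MBEAN),
                "getAuthenticationCachePrincipals",
                new Object[] { domain }, new String[] { String.class.getName() });
        List<String> users = new ArrayList<String>();
        if (result != null) {                 // "may be null" per the Javadoc above
            for (Object principal : (List<?>) result) {
                users.add(String.valueOf(principal));
            }
        }
        return users;
    }

    public static void main(String[] args) throws Exception {
        // Constructed data: two cached logins in domain "other", none elsewhere.
        MBeanServer server = MBeanServerFactory.createMBeanServer();
        CacheView stub = new CacheView() {
            public List<String> getAuthenticationCachePrincipals(String securityDomain) {
                return "other".equals(securityDomain) ? Arrays.asList("alice", "bob") : null;
            }
        };
        server.registerMBean(new StandardMBean(stub, CacheView.class), new ObjectName(MBEAN));

        System.out.println(activeUsers(server, "other"));    // cached logins only
        System.out.println(activeUsers(server, "unknown"));  // null becomes an empty list
    }
}
```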
-
4. Re: Get list of users/roles no matter what JAAS security mod
cmiles123 Oct 28, 2005 12:49 PM (in response to cmiles123)
Thank you for your replies. You have been most helpful...
-
5. Re: Get list of users/roles no matter what JAAS security mod
cmiles123 Nov 3, 2005 10:12 AM (in response to cmiles123)
I wanted to throw this out there and see if this is at all possible. In light of there not being any way to get such things as "list of all users", "list of all roles" etc etc via JBoss, I was thinking about modifying the JBoss code to actually allow this. Here's what I was thinking:
1) Create a new abstract Login Module which extends AbstractServerLoginModule which provides the new methods such as getAllusers(), getAllRoles(), getRoleMembers() etc etc
2) Custom Login Modules could extend this new abstract Login Module and provide the code to return this new information from the actual Security Provider implementation
3) Expose these new methods in the JaasSecurityManager by implementing some other new interface. The JaasSecurityManager would need to cycle through all the currently installed Login Modules for the given security domain and invoke the appropriate new methods.
The thing I wanted to know if it was possible was whether the JaasSecurityManager has access to the actual Login Module classes. So given a security domain can you get a handle to the actual Login Modules so that you could then call the new methods?
Any comments and information about the SecurityManager and Login Modules would be appreciated, thanks.
-
6. Re: Get list of users/roles no matter what JAAS security mod
starksm64 Nov 3, 2005 11:15 AM (in response to cmiles123)
No, this won't be supported via further overloading the jaas login modules. They are not designed for this and nothing but the jaas implementation has access to the login modules. The only tangible output from jaas is a subject.
You might as well create a new security info service with its own pluggable query abstraction for obtaining this information.
-
7. Re: Get list of users/roles no matter what JAAS security mod
cmiles123 Nov 3, 2005 11:31 AM (in response to cmiles123)
ok, thx for the jaas info..
Your "security info service" alternative is our second option and we already have something like this in place. We just didn't want to write a specific plugin for each type of JBoss Login Module, but rather an App Server specific plugin. We already have a WebLogic and WebSphere plugin and it seems that for JBoss we'll have to have a JBoss LDAP plugin, a JBoss Database plugin etc etc.
On this subject, is there a way from within an EJB app to be able to get access to the JBoss Login Module config parameters? So for instance, if you have an LDAP Login Module installed for JBoss, can we get access to the LDAP parameters you've set up for the Login Module? I'd rather use these than duplicate them in our own property files.
Thanks for your help.
-
8. Re: Get list of users/roles no matter what JAAS security mod
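cmiles123 Nov 3, 2005 1:26 PM (in response to cmiles123)
I answered my own question. Here's some example code of how you can get access to the Login Modules config:

    import java.util.Iterator;
    import java.util.Map;
    import java.util.Map.Entry;
    import javax.security.auth.login.AppConfigurationEntry;
    import javax.security.auth.login.Configuration;

    // JAAS configuration installed in this JVM
    Configuration config = Configuration.getConfiguration();
    // "other" is the security domain name; the result is null if it has no entries
    AppConfigurationEntry[] entries = config.getAppConfigurationEntry("other");
    for (int i = 0; i < entries.length; i++) {
        AppConfigurationEntry entry = entries[i];
        System.out.println("LoginModule Class: " + entry.getLoginModuleName());
        System.out.println("ControlFlag: " + entry.getControlFlag());
        System.out.println("Options:");
        // Options are the name/value pairs configured for this login module
        Map options = entry.getOptions();
        Iterator iter = options.entrySet().iterator();
        while (iter.hasNext()) {
            Entry e = (Entry) iter.next();
            System.out.println("name=" + e.getKey() + ", value=" + e.getValue());
        }
    }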
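
Added example, not code from the thread or from JBoss: the listing above prints every login-module option verbatim, and for an LDAP module those options can include the bind DN and bind credential, so this variant masks secret-looking values before they reach a log. The `isSecret` name heuristic, the in-memory Configuration and all option values are constructed assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class LoginModuleOptions {
    // Assumed heuristic: option names containing these fragments hold secrets.
    static final String[] SECRET_HINTS = { "credential", "password", "secret" };
    static boolean isSecret(String optionName) {
        String lower = optionName.toLowerCase(Locale.ROOT);
        for (String hint : SECRET_HINTS) {
            if (lower.contains(hint)) return true;
        }
        return false;
    }
    // Options of every login module in a domain, with secret values masked.
    static Map<String, String> describe(Configuration config, String domain) {
        Map<String, String> out = new LinkedHashMap<String, String>();
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(domain);
        if (entries == null) return out;          // no entry for this domain
        for (AppConfigurationEntry entry : entries) {
            for (Map.Entry<String, ?> opt : entry.getOptions().entrySet()) {
                String value = isSecret(opt.getKey()) ? "****" : String.valueOf(opt.getValue());
                out.put(entry.getLoginModuleName() + "#" + opt.getKey(), value);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed LDAP-style options; the values are placeholders.
        final Map<String, String> opts = new LinkedHashMap<String, String>();
        opts.put("java.naming.provider.url", "ldap://ldap.example.test:389/");
        opts.put("bindDN", "cn=svc,dc=example,dc=test");
        opts.put("bindCredential", "constructed-secret");
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"other".equals(name)) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "org.jboss.security.auth.spi.LdapLoginModule",
                        LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        System.out.println(describe(config, "other"));
        System.out.println(describe(config, "missing"));
    }
}
```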
-
9. Re: Get list of users/roles no matter what JAAS security mod
rameshsr Jan 17, 2006 2:49 AM (in response to cmiles123)
This is really interesting, to get the list of logged-in users. I am wondering if this would work in a browser client in a J2EE WebApp scenario. For example, I log in to my service using JAAS. After a while, I exit the browser. How does JAAS know if I have logged out or am still hanging around?
Would appreciate the answer, as I am seriously considering using this to get the *active* users.