9 Replies Latest reply on Jan 17, 2006 2:49 AM by rameshsr

    Get list of users/roles no matter what JAAS security module

    cmiles123

      Hello,

      I'm looking for a way to retrieve information from the installed security modules such as "list of users", "list of roles", "user member roles", etc. in a generic way (i.e., no code specific to the security module).

      WebLogic allows you to do this via MBeans and WebSphere allows you to do this via a JNDI lookup of the UserRegistry.

      I was hoping there is something equivalent in JBoss?

      Thank you

        • 1. Re: Get list of users/roles no matter what JAAS security mod
          starksm64

          All that currently exists is the getAuthenticationCachePrincipals op of the "jboss.security:service=JaasSecurityManager" mbean:

           /** The list of active Principals for the given security domain
            * @param securityDomain - the security-domain name
            * @return List<Principal> of active users, may be null.
            */
           List getAuthenticationCachePrincipals(String securityDomain);
          



          • 2. Re: Get list of users/roles no matter what JAAS security mod
            cmiles123

            Thank you for your reply...

            Yes, I saw this and the other methods on the SecurityManager.

            Regarding this method, is this just a list of everyone that happens to have logged in, or does this actually return ALL the users in the Security implementation? So for example, if I'm hooked up to LDAP and I have 500 users defined, but only 2 have logged in, does this return all 500 or just the 2?

            Thanks

            • 3. Re: Get list of users/roles no matter what JAAS security mod
              starksm64

              Only logged in as there is no way in general to query the security domain state as this is not a feature of JAAS.
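The operation from reply 1, called through JMX, as an added example that is not part of the original thread. So that it runs outside JBoss, `main` registers a constructed stub (`AuthCacheOps`, a hypothetical interface) under the ObjectName quoted above; the principal names are sample data. Inside JBoss, `activeUsers` would be given the server's own MBeanServer.

```java
import java.lang.management.ManagementFactory;
import java.security.Principal;
import java.util.*;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class ActivePrincipals {
    /** Hypothetical stand-in interface carrying only the operation from the thread. */
    public interface AuthCacheOps {
        List getAuthenticationCachePrincipals(String securityDomain);
    }

    /** Invokes the operation over JMX and normalises the "may be null" result. */
    static List<String> activeUsers(MBeanServer server, String domain) throws Exception {
        ObjectName name = new ObjectName("jboss.security:service=JaasSecurityManager");
        Object result = server.invoke(name, "getAuthenticationCachePrincipals",
                new Object[] { domain }, new String[] { String.class.getName() });
        List<String> names = new ArrayList<>();
        if (result == null) return names; // nothing cached for this domain
        for (Object p : (List<?>) result) names.add(((Principal) p).getName());
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stub: two cached principals for the "other" domain, null otherwise.
        AuthCacheOps stub = domain -> {
            if (!"other".equals(domain)) return null;
            Principal alice = () -> "alice";
            Principal bob = () -> "bob";
            return Arrays.asList(alice, bob);
        };
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        server.registerMBean(new StandardMBean(stub, AuthCacheOps.class),
                new ObjectName("jboss.security:service=JaasSecurityManager"));
        System.out.println(activeUsers(server, "other"));
        System.out.println(activeUsers(server, "no-such-domain"));
    }
}
```

The result covers only principals currently held in the authentication cache, as reply 3 states, so it is not a user directory listing.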

              • 4. Re: Get list of users/roles no matter what JAAS security mod
                cmiles123

                Thank you for your replies. You have been most helpful...

                • 5. Re: Get list of users/roles no matter what JAAS security mod
                  cmiles123

                  I wanted to throw this out there and see if this is at all possible. In light of there not being any way to get such things as "list of all users", "list of all roles", etc. via JBoss, I was thinking about modifying the JBoss code to actually allow this. Here's what I was thinking:

                  1) Create a new abstract Login Module which extends AbstractServerLoginModule and provides the new methods such as getAllusers(), getAllRoles(), getRoleMembers(), etc.

                  2) Custom Login Modules could extend this new abstract Login Module and provide the code to return this new information from the actual Security Provider implementation

                  3) Expose these new methods in the JaasSecurityManager by implementing some other new interface. The JaasSecurityManager would need to cycle through all the currently installed Login Modules for the given security domain and invoke the appropriate new methods.

                  The thing I wanted to know if it was possible was whether the JaasSecurityManager has access to the actual Login Module classes. So given a security domain can you get a handle to the actual Login Modules so that you could then call the new methods?

                  Any comments and information about the SecurityManager and Login Modules would be appreciated, thanks.

                  • 6. Re: Get list of users/roles no matter what JAAS security mod
                    starksm64

                    No, this won't be supported via further overloading the jaas login modules. They are not designed for this and nothing but the jaas implementation has access to the login modules. The only tangible output from jaas is a subject.

                    You might as well create a new security info service with its own pluggable query abstraction for obtaining this information.
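A sketch of the "security info service with its own pluggable query abstraction" suggested in reply 6, as an added example that is not JBoss code and not from the thread. All type names are hypothetical, the in-memory backend and its users are constructed sample data standing in for an LDAP or database plugin, and the method names follow the ones proposed in reply 5.

```java
import java.util.*;

public class SecurityInfoDemo {
    /** Pluggable query abstraction, implemented per user store and independent of JAAS. */
    public interface SecurityInfoProvider {
        Set<String> getAllUsers();
        Set<String> getAllRoles();
        Set<String> getRoleMembers(String role);
    }

    /** Constructed in-memory backend standing in for an LDAP or database plugin. */
    static class InMemoryProvider implements SecurityInfoProvider {
        private final Map<String, Set<String>> members = new TreeMap<>();
        InMemoryProvider grant(String role, String... users) {
            members.computeIfAbsent(role, r -> new TreeSet<>()).addAll(Arrays.asList(users));
            return this;
        }
        public Set<String> getAllUsers() {
            Set<String> all = new TreeSet<>();
            members.values().forEach(all::addAll);
            return all;
        }
        public Set<String> getAllRoles() { return new TreeSet<>(members.keySet()); }
        public Set<String> getRoleMembers(String role) {
            return new TreeSet<>(members.getOrDefault(role, Collections.emptySet()));
        }
    }

    /** The service: providers are registered per security domain and their answers merged. */
    static class SecurityInfoService {
        private final Map<String, List<SecurityInfoProvider>> byDomain = new HashMap<>();
        void register(String domain, SecurityInfoProvider p) {
            byDomain.computeIfAbsent(domain, d -> new ArrayList<>()).add(p);
        }
        Set<String> getRoleMembers(String domain, String role) {
            List<SecurityInfoProvider> ps = byDomain.get(domain);
            if (ps == null) throw new IllegalArgumentException("unknown security domain: " + domain);
            Set<String> merged = new TreeSet<>();
            for (SecurityInfoProvider p : ps) merged.addAll(p.getRoleMembers(role));
            return Collections.unmodifiableSet(merged);
        }
    }

    public static void main(String[] args) {
        SecurityInfoService svc = new SecurityInfoService();
        svc.register("other", new InMemoryProvider().grant("admin", "alice").grant("user", "alice", "bob"));
        svc.register("other", new InMemoryProvider().grant("user", "carol"));
        System.out.println(svc.getRoleMembers("other", "user"));
    }
}
```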

                    • 7. Re: Get list of users/roles no matter what JAAS security mod
                      cmiles123

                      ok, thx for the jaas info..

                      Your "security info service" alternative is our second option and we already have something like this in place. We just didn't want to write a specific plugin for each type of JBoss Login Module, but rather an App Server specific plugin. We already have a WebLogic and WebSphere plugin, and it seems that for JBoss we'll have to have a JBoss LDAP plugin, a JBoss Database plugin, etc.

                      On this subject, is there a way from within an EJB app to get access to the JBoss Login Module config parameters? So for instance, if you have an LDAP Login Module installed for JBoss, can we get access to the LDAP parameters you've set up for the Login Module? I'd rather use these than duplicate them in our own property files.

                      Thanks for your help.

                      • 8. Re: Get list of users/roles no matter what JAAS security mod
                        cmiles123

                        I answered my own question. Here's some example code of how you can get access to the Login Modules config:

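                        import java.util.Iterator;
                        import java.util.Map;
                        import java.util.Map.Entry;
                        import javax.security.auth.login.AppConfigurationEntry;
                        import javax.security.auth.login.Configuration;

                        // Look up the JAAS login configuration installed in this JVM
                        Configuration config = Configuration.getConfiguration();
                        // One entry per login module configured under the name "other"
                        AppConfigurationEntry[] entries = config.getAppConfigurationEntry("other");
                        // getAppConfigurationEntry returns null when the name is not configured
                        for (int i = 0; entries != null && i < entries.length; i++) {
                          AppConfigurationEntry entry = entries[i];
                          System.out.println("LoginModule Class: " + entry.getLoginModuleName());
                          System.out.println("ControlFlag: " + entry.getControlFlag());
                          System.out.println("Options:");
                          // The options map holds the module's configured parameters
                          Map options = entry.getOptions();
                          Iterator iter = options.entrySet().iterator();
                          while (iter.hasNext()) {
                            Entry e = (Entry) iter.next();
                            System.out.println("name=" + e.getKey() + ", value=" + e.getValue());
                          }
                        }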
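A variant of the lookup in reply 8 that masks option values which look like credentials before they are printed or logged, as an added example that is not part of the original post. The `isSecret` name heuristic, the module class name `com.example.DemoLdapLoginModule`, and the option names and values are constructed for illustration; `main` installs a constructed Configuration so the code runs outside an application server.

```java
import java.util.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class LoginConfigDump {
    /** Option names whose values should not be echoed (assumed naming heuristic). */
    static boolean isSecret(String optionName) {
        String n = optionName.toLowerCase(Locale.ROOT);
        return n.contains("password") || n.contains("credential") || n.contains("secret");
    }

    /** Returns one line per login module and option for the domain, with secrets masked. */
    static List<String> describe(Configuration config, String domain) {
        List<String> out = new ArrayList<>();
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(domain);
        if (entries == null) return out; // name not configured
        for (AppConfigurationEntry entry : entries) {
            out.add(entry.getLoginModuleName() + " [" + entry.getControlFlag() + "]");
            for (Map.Entry<String, ?> e : entry.getOptions().entrySet()) {
                Object v = isSecret(e.getKey()) ? "****" : e.getValue();
                out.add("  " + e.getKey() + "=" + v);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed options; none of these values come from a real deployment.
        Map<String, Object> opts = new LinkedHashMap<>();
        opts.put("java.naming.provider.url", "ldap://ldap.example.test:389/");
        opts.put("bindDN", "cn=svc,dc=example,dc=test");
        opts.put("bindCredential", "constructed-not-a-real-password");
        AppConfigurationEntry[] other = { new AppConfigurationEntry(
                "com.example.DemoLdapLoginModule", LoginModuleControlFlag.REQUIRED, opts) };
        Configuration config = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "other".equals(name) ? other : null;
            }
        };
        describe(config, "other").forEach(System.out::println);
    }
}
```

When a Java security manager is in effect, `Configuration.getConfiguration()` requires `AuthPermission("getLoginConfiguration")`, which is the control that limits which code can read these options.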
                        


                        • 9. Re: Get list of users/roles no matter what JAAS security mod
                          rameshsr

                          This is really interesting, to get the list of logged-in users. I am wondering if this would work in a browser client in a J2EE WebApp scenario. For example, I log in to my service using JAAS. After a while, I exit the browser. How does JAAS know if I have logged out or am still hanging around?
                          Would appreciate the answer, as I am seriously considering using this to get the *active* users.