5 Replies Latest reply on Dec 27, 2005 2:51 PM by starksm64

    group based authentication

    ralluri

      wondering if someone can clarify on this.

      I need to develop a authentication process where based on the roles & group combination.
      Each group has certain roles and users can be assigned to the group

      Here is the data in database:

      Each group has certain roles in it

      group1 role1
      group1 role2
      group1 admingroup1role

      group2 role3
      group2 role4
      group2 admingroup2role

      Each user can have any role/group combination above.

      Wondering if the DatabaseServerLoginModule can be used here or Do I need to develop custom module.
      Also, how can I map this on the server side so that the application module can be controlled based on the roles ?

      Thanks for your help

        • 1. Re: group based authentication
          starksm64

          No, this is not notion that the DatabaseServerLoginModule supports so you would have to write a custom version.

          • 2. Re: group based authentication
            ralluri

            while configuring DatabaseServerLogin module,

            just curious on why can't the rolesQuery contain rolegroup value ?
            For example:

            <module-option name = "rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>

            where RoleGroup value could be group1,group2 etc

            If this is possible, then I may not have to write the custom DB login module. Could you please clarify this ?

            • 3. Re: group based authentication
              starksm64

              Look at the source to understand why this would have no affect. If you create a custom version that you think is a generalization that should be incorporated create a jira issue for the updated version:

              http://jira.jboss.com/jira/browse/JBAS

              • 4. Re: group based authentication
                ralluri

                I did look at the code for DataBaseServerLoginModule which calls Util.getRoleSets(...) method.

                ====
                String name = rs.getString(1);
                String groupName = rs.getString(2);
                if( groupName == null || groupName.length() == 0 )
                groupName = "Roles";
                Group group = (Group) setsMap.get(groupName);
                if( group == null )
                {
                group = new SimpleGroup(groupName);
                setsMap.put(groupName, group);
                }
                ====

                It is retriving the group name from the DB and creating the Group properly. So, I should be expecting the rolesquery to rerive group name.
                sorry, if am I missing something ?

                • 5. Re: group based authentication
                  starksm64

                  That as described in chap8 of the dev guide, only the Roles group is used for matching the j2ee descriptor roles. Read the current usage of the subject roles and come up with something different:

                  http://www.jboss.com/products/jbossas/docs