3 Replies Latest reply on May 23, 2006 10:23 AM by j2ee_junkie

    structure of rolesQuery

    yogendrarampuria
    yogendrarampuria May 19, 2006 6:45 AM

      I have no clue if this has been covered before.

      While defining application-policy in login-config.xml in the roles query i have to fram the query like this

      Select somecollumn , 'Roles' from sometable where some_user_id = ?

      Is it so that the second collumn should always be 'Roles'?

      I got the authentication working through this type of query. Earlier when I tried to query some other column in that place my roles were not assigned as a result I was getting authenticated but had no access to resources asking for specific role, even when the database was configured for the same.

      Also, I have a standalone Tomcat server for development. I would like that server to use the authentication policy defined on jboss application server. is there a way to do it?

      • 5436 Views
      • Tags:
        • 1. Re: structure of rolesQuery
          j2ee_junkie
          j2ee_junkie May 19, 2006 8:02 AM (in response to yogendrarampuria)

          Yogendra,

          If you read jboss server guide section 8.4.6.4 (http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#ch8.dabaseserverloginmodule.sect)
          , you will see how this module works. To answer your first question. It depends on your database. If your table that stores roles has a column to allow you to group your roles, then you would use that column. One good use of this concept is if a user has different roles for different applications. Thus at login time, you really only want the roles for user in app x. Then your second column of the query could use this value to select only roles for that app.

          Please clarify your second question. Do you want your standalone Tomcat to actually defer security to the JBoss container? Or do you just want to use the policy definition?

          cgriffith

            • Actions
          • 2. Re: structure of rolesQuery
            yogendrarampuria
            yogendrarampuria May 23, 2006 7:38 AM (in response to yogendrarampuria)

            I would like the tomcat server to refer the auth policy (bound to some jndi name) defined in jboss.
            I know that the jndi name is java:/jaas/XXXX making it inaccessible from out side. what could be done?

            one idea that i have is to write a login module(JAAS) and make sql query to the datasource same as being used by the jboss authentication policy.

              • Actions
            • 3. Re: structure of rolesQuery
              j2ee_junkie
              j2ee_junkie May 23, 2006 10:23 AM (in response to yogendrarampuria)

              Yogi,

              In the past, I may have thought this was possible, but now I do not think there is any means already to do that. I do know that if you could access JBoss's mbean server, you could get the SecurityMangerServiceMBean and defer authentication to it. Sorry, I could not be of more help as I have never tried this. I hope someone else in this forum could add to this.

              cgriffith

                • Actions