2 Replies Latest reply on Nov 28, 2006 1:11 PM by anil.saldhana

    RoleMappingLoginModule with rule: *=role1, role2

    fcorneli

      RoleMappingLoginModule makes sense when the user already has a (JAAS JBoss specific) role. The funny thing here is that, before you are capable of using RoleMappingLoginModule, the user already must have a (JAAS JBoss specific) role assigned by a login module. Thus the initial JAAS LoginModule already needs to be JBoss-aware (because of the role replacement by RoleMappingLoginModule).

      How can I add a role to an authenticated user when he/she has been authenticated by a generic JAAS (i.e. non-JBoss aware) login module? I don't want to pollute my generic JAAS login module with JBoss specific stuff (the 'Roles' group thingy).

        • 1. Re: RoleMappingLoginModule with rule: *=role1, role2
          fcorneli

          The following also did the trick:

          <login-module code="MyLoginModule" flag="required"></login-module>
          <login-module code="org.jboss.security.auth.spi.IdentityLoginModule" flag="optional">
           <module-option name="password-stacking">useFirstPass</module-option>
           <module-option name="roles">TheRoleIWantToAdd</module-option>
          </login-module>


          • 2. Re: RoleMappingLoginModule with rule: *=role1, role2
            anil.saldhana

            /**
             * JBAS-3323: Role Mapping Login Module that maps application role to
             * declarative role
             * - You will need to provide a properties file name with the option "rolesProperties"
             * which has the role to be replaced as the key and a comma-separated role names
             * as replacements.
             * - This module should be used with the "optional" mode, as it just adds
             * onto the authenticated subject
             */

            The purpose of this LM has been clearly defined in the Javadoc.
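
An added configuration sketch, not part of either poster's reply or of the JBoss sources: it stacks the three modules discussed in this thread so that the generic module stays free of JBoss specifics, IdentityLoginModule supplies one base role, and RoleMappingLoginModule (in "optional" mode with the "rolesProperties" option, as the Javadoc requires) expands it. The policy name `my-domain`, the file name `rolemapping-roles.properties` and the role names in it are hypothetical, and the assumption is that modules commit in the order listed so the base role exists before the mapping runs.

```xml
<!-- Added example (assumed layout for a JBoss AS login-config.xml entry). -->
<application-policy name="my-domain"> <!-- hypothetical security domain name -->
  <authentication>

    <!-- 1. Generic JAAS module: authenticates only, knows nothing about
            the JBoss "Roles" group. -->
    <login-module code="MyLoginModule" flag="required"></login-module>

    <!-- 2. Adds one fixed base role to whoever passed step 1, as in the
            first reply. Every authenticated user receives this role, so
            it must not carry privileges that only some users should hold. -->
    <login-module code="org.jboss.security.auth.spi.IdentityLoginModule" flag="optional">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="roles">TheRoleIWantToAdd</module-option>
    </login-module>

    <!-- 3. Maps the base role to the declarative roles used in the
            deployment descriptors. "optional" because it only adds onto
            an already authenticated subject. -->
    <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
      <!-- hypothetical file name, resolved from the configuration classpath -->
      <module-option name="rolesProperties">rolemapping-roles.properties</module-option>
    </login-module>

  </authentication>
</application-policy>

<!--
  rolemapping-roles.properties (constructed sample content):
  key   = role to be replaced
  value = comma-separated replacement roles

  TheRoleIWantToAdd=role1,role2

  The key is an exact role name, which is why a base role has to be
  assigned in step 2 before any mapping can apply.
-->
```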