2 Replies Latest reply on Dec 2, 2004 1:11 PM by ftg314159

Principal Mapping for JCA Authentication

ftg314159 Dec 1, 2004 2:35 PM

I apologize if this is covered elsewhere, but I've been through the 3.2.6 Admin guide and the jca examples and DTDs, and I can't seem to find this...

How do you implement 1-1 Principal Mapping from a caller principal to a resource principal for connectors in JBoss ?

The JCA spec seems to imply that you do it by using a JAAS login module that takes an incoming Subject containing the caller principal and adds a PasswordCredential with the resource principal.

Some forum comments seem to suggest that this isn't really a connector issue, and that you need support in login-config.xml as well as in ra.xml.

What I can't put together out of all this is:

1) How exactly do you tell JBoss that your RA wants an incoming Subject with a resource principal ?
2) How exactly do you tell JBoss how to map from the caller principal to a resource principal ?

Thanks for any clarification you can offer. Almost all of the examples I could find deal with many-to-one mappings.

1. Re: Principal Mapping for JCA Authentication

starksm64 Dec 2, 2004 12:26 PM (in response to ftg314159)

The CallerIdentityLoginModule as described here sounds its what you want. If its not provide the specifics of the identity mapping your looking for.

http://www.jboss.org/wiki/Wiki.jsp?page=ConfigJCALoginModule
Actions
2. Re: Principal Mapping for JCA Authentication

ftg314159 Dec 2, 2004 1:11 PM (in response to ftg314159)

Ahh, I see now. The RA stuff just has a realm name, and everything else goes in login-config.

What I had in mind was a login module that mapped the caller userid/password to another pair, possibly controlled by a properties file the way the server-side EJB login module works.

I'll check the source code to see if there is one. If not, it should be simple enough to supply.

Thanks for the reply.
Actions

Go to original post