I have been struggling with the following task for days now:
I have a custom JAAS Login Module that is doing my user authentication.
I integrated this Module by placing a security domain configuration (application-policy) in login-config.xml.
This works very well.
The next step would be to manage programmatic permission handling.
I would like to do this in the described way:
- In commit method of login module, some custom type permissions are fetched from an external database.
- These permissions are stored in the subject's credentials.
- The access to different EJBs or code fragments should be granted or denied depending on a complex logic. Therefore I need to implement/overwrite the checkPermission method of the security manager.
Unfortunately I did not manage to do so.
What I already tried:
- Write a custom Security Manager that extends org.jboss.security.SubjectSecurityManager, org.jboss.security.RealmMapping, and Serializable
  I put the jar in "jboss/lib" and "jboss/common/lib" and changed the value of the "SecurityManagerClassname" attribute of the "JaasSecurityManagerService" mbean in jboss-service.xml to my implementation - without success. My class wasn't invoked.
- Write a custom DelegatingPolicy class that extends DelegatingPolicy
  When I try to invoke this class in my login-config.xml, I get an exception that this class was not initialized when the security domain is accessed.
Any help would be great!
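
The first two steps described in the post (permissions loaded in `commit()` and stored in the subject's credentials), followed by an explicit default-deny check, as an added example that is not part of the original post and not JBoss code. It uses only standard JAAS classes and does not go through the JBoss security manager or `DelegatingPolicy`. Assumptions: `AppPermission`, `DbPermissionLoginModule`, `isAllowed` and the permission names are hypothetical, the database lookup is replaced by constructed sample values, and the module is stacked after the one that verifies the password.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

public class SubjectPermissionExample {
    // Hypothetical permission type; BasicPermission supplies "orders.*" wildcard matching.
    static final class AppPermission extends BasicPermission {
        AppPermission(String name) { super(name); }
    }

    // Assumed to be stacked after the authenticating module, so login() only agrees.
    public static class DbPermissionLoginModule implements LoginModule {
        private Subject subject;
        private Permissions granted;

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() {
            granted = new Permissions();
            // Constructed sample values standing in for the external database lookup.
            for (String n : Arrays.asList("orders.*", "reports.read")) granted.add(new AppPermission(n));
            granted.setReadOnly(); // later code cannot widen the grant
            return subject.getPrivateCredentials().add(granted);
        }
        public boolean abort() { granted = null; return true; }
        public boolean logout() { subject.getPrivateCredentials().remove(granted); return true; }
    }

    // Default deny: allowed only if a stored collection implies the requested permission.
    static boolean isAllowed(Subject subject, Permission wanted) {
        for (Permissions p : subject.getPrivateCredentials(Permissions.class)) {
            if (p.implies(wanted)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        DbPermissionLoginModule module = new DbPermissionLoginModule();
        module.initialize(subject, null, new HashMap<String, Object>(), new HashMap<String, Object>());
        module.login();
        module.commit();
        System.out.println(isAllowed(subject, new AppPermission("orders.cancel")));
        System.out.println(isAllowed(subject, new AppPermission("reports.write")));
    }
}
```

When a security manager is installed, code calling `getPrivateCredentials` needs a matching `PrivateCredentialPermission`, which keeps the stored grants unreadable to unprivileged code.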