Role Based Credential Map for fine grained data roles
boss248 Jan 6, 2012 12:10 AM
I have imported two databases in my VDB and I've configured two different roles (admin and manager) and also used the "Mapped Role Names" feature to map the VDB role to a role I've set up in JBoss using JAAS with DatabaseServerLoginModule. The idea is to have a servlet that requires authentication for URLs mapped by /admin/* to execute a query in Teiid using the admin role only for users with the correct privilege. The JAAS in JBoss works fine, but now I have problems with creating the TeiidDataSource.
For starters, I refactored the JDBCClient to execute my query in my servlet. I also added the following to the teiid-jboss-beans.xml:
<application-policy xmlns="urn:jboss:security-beans:1.0" name="teiid-security">
    <authentication>
        <!-- this is what I have in my login-config.xml except it is for an application policy named "exampleDomain" -->
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="unauthenticatedIdentity">guest</module-option>
            <module-option name="dsJndiName">java:/exampleDS</module-option>
            <module-option name="principalsQuery">SELECT password FROM user WHERE userid=?</module-option>
            <module-option name="rolesQuery">SELECT roleid, 'Roles' FROM role WHERE userid=?</module-option>
        </login-module>
        <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required">
            <module-option name="password-stacking">useFirstPass</module-option>
            <module-option name="credentialMap">props/teiid-credentialmap.properties</module-option>
            <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=defaultDS</module-option>
        </login-module>
    </authentication>
</application-policy>
My questions are:
1) How do I connect to the TeiidDataSource (i.e. which username and password do I use)?
2) I'm not sure which *-ds file I put the <security-domain>teiid-security</security-domain> XML node in. Does it go in both of the -ds files that were used for the import into the VDB?
3) Does my jboss-web.xml file still use the old security-domain (i.e. I was using java:/jaas/exampleDomain)?
4) Does the RoleBasedCredentialMapIdentityLoginModule referenced within teiid-jboss-beans use the defaultDS managedConnectionFactory?
Thanks.