-
1. Re: Extend Security Realm TrustStore Tag
dlofthouse Dec 1, 2012 9:12 AM (in response to jmane)
What are you using this realm for?
To load roles from a properties file you should add an <authorization> element after the closing </authentication> element and define the properties there.
-
2. Re: Extend Security Realm TrustStore Tag
jmane Dec 1, 2012 9:17 AM (in response to dlofthouse)
Hi Darran. This is for remoting connections from JMS and/or EJB. We have remote apps that rely on user certificates for authentication, but since everyone has a certificate and we don't want all of them to connect, we have to see if user CN=blah has a REMOTE role in the roles.properties file.
I totally forgot about the <authorization> completely. I will try that with our custom LDAP security domain login module. Thank you very much for your time.
-
3. Re: Extend Security Realm TrustStore Tag
jmane Dec 1, 2012 11:21 AM (in response to jmane)
Darran,
The <authorization/> tag element (please see below) setting seems to be ignored completely when there is no matching role in the application-roles.properties file for the principal name (from the certificate).
Do you happen to know the implementation class for the truststore tag element? Thank you!!
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="myKeyStore.jks" keystore-password="password"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="myTrustStore.jks" keystore-password="password"/>
    </authentication>
    <authorization>
        <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
    </authorization>
</security-realm>
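An added example, not part of the thread and not JBoss code: an offline check of the setup discussed above, confirming that <authorization> sits directly under the realm and that a certificate principal such as CN=blah actually resolves to the REMOTE role in the roles file. It assumes the roles file is keyed by the certificate principal name, as the posts describe; the sample data, the helper names and the DN attribute list are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed realm fragment with the same layout as the one posted in the
# thread (no XML namespace, server-identities omitted).
REALM_XML = """<security-realm name="ApplicationRealm">
  <authentication><truststore path="myTrustStore.jks" keystore-password="password"/></authentication>
  <authorization><properties path="application-roles.properties" relative-to="jboss.server.config.dir"/></authorization>
</security-realm>"""

# Constructed roles file. Assumption: the key is the certificate principal name.
# In .properties syntax an unescaped '=' ends the key, so a DN must escape it.
ROLES_PROPERTIES = r"""
# principal=role[,role...]
CN\=blah,OU\=Apps=REMOTE,GUEST
CN=broken,OU=Apps=REMOTE
plainuser=GUEST
"""

DN_ATTRS = {"CN", "OU", "O", "L", "ST", "C", "DC", "UID"}  # illustrative list

def roles_file_for_realm(realm_xml):
    """Roles file path, or None when <authorization> is missing or is not a
    direct child of <security-realm> (e.g. nested inside <authentication>)."""
    props = ET.fromstring(realm_xml).find("./authorization/properties")
    return None if props is None else props.get("path")

def parse_properties(text):
    """Minimal .properties reader: comments and backslash-escaped key characters.
    Line continuations and unicode escapes are not handled."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\\=:\s])+)\s*[=:]?\s*(.*)", line)
        if m:
            key = re.sub(r"\\(.)", r"\1", m.group(1))
            roles[key] = {r.strip() for r in m.group(2).split(",") if r.strip()}
    return roles

def suspicious_keys(roles):
    """Keys that are a bare DN attribute type: a sign of an unescaped '='."""
    return sorted(k for k in roles if k.upper() in DN_ATTRS)

def is_allowed(principal, required_role, roles):
    """Fail closed: a principal with no entry in the file has no roles."""
    return required_role in roles.get(principal, set())

if __name__ == "__main__":
    roles = parse_properties(ROLES_PROPERTIES)
    print(roles_file_for_realm(REALM_XML), suspicious_keys(roles))
    print(is_allowed("CN=blah,OU=Apps", "REMOTE", roles))
```

The unescaped line parses with the key "CN", so the intended principal never matches and is treated as having no roles.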