Define and use multiple security domains in JBoss EAP 7
nitin_jain Nov 27, 2016 11:36 PM
Hello Forum,
In my application till now, I had defined one security domain to authenticate the users.
JBoss Configuration
<!--
  Security domain "JSFRealm1": a single required Database login module that
  authenticates against the java:jboss/datasources/jdbc/mysql-1 datasource.
  Both queries take the login name through a bound "?" parameter (the email
  column), so the user-supplied value is not concatenated into the SQL text.
  NOTE(review): no hashAlgorithm / hashEncoding module-option is set here, so
  the value returned by principalsQuery appears to be compared with the
  submitted password as-is. Confirm that user_login.password does not hold
  clear-text passwords.
-->
<security-domain name="JSFRealm1" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/jdbc/mysql-1"/>
<!-- Returns the stored password for the given email. -->
<module-option name="principalsQuery" value="select password from user_login where email=?"/>
<!-- Returns one row per role for the given email; the second column is the literal group name 'Roles'. -->
<module-option name="rolesQuery" value="select role_name, 'Roles' from user_role u where u.email=?"/>
</login-module>
</authentication>
</security-domain>
jboss-web.xml
<!-- Binds this web application to the JSFRealm1 security domain (referenced as java:/jaas/JSFRealm1). -->
<jboss-web>
<security-domain>java:/jaas/JSFRealm1</security-domain>
</jboss-web>
Login Bean
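/**
 * Authenticates the current request with the bean's {@code email} and
 * {@code password} through container-managed login and selects the landing
 * page from the caller's role.
 *
 * <p>A user who authenticates but holds neither {@code APP_ADMIN} nor
 * {@code PROJECT_USER} is logged out again and sent back to the login page.
 * Without that step the container login would stay active for a user this
 * method has no destination for, and {@code loginName} would already be in
 * the session.
 *
 * @return {@code "appAdmin"} or {@code "projUser"} on success, {@code "login"}
 *         when authentication fails or no recognised role is present
 * @throws IOException declared for callers; nothing in this body raises it
 */
public String login() throws IOException {
    FacesContext context = FacesContext.getCurrentInstance();
    ExternalContext externalContext = context.getExternalContext();
    HttpServletRequest request = (HttpServletRequest) externalContext.getRequest();
    try {
        // request.login() refuses to run while an identity is already bound to
        // the request, so drop the previous one first.
        // NOTE(review): confirm whether HttpSession attributes written for the
        // previous user can survive this logout and be read by the next one.
        if (request.getUserPrincipal() != null) {
            request.logout();
        }
        request.login(email, password);

        String role;
        String navigation;
        if (request.isUserInRole(AppUserRole.APP_ADMIN.toString())) {
            message = "Logged in as application administrator!";
            navigation = "appAdmin";
            role = AppUserRole.APP_ADMIN.toString();
        } else if (request.isUserInRole(AppUserRole.PROJECT_USER.toString())) {
            message = "Logged in as project administrator!";
            navigation = "projUser";
            role = AppUserRole.PROJECT_USER.toString();
        } else {
            // Fail closed: valid credentials but no role this application knows.
            // The same generic message as a bad password is used so the response
            // does not reveal that the credentials were accepted.
            request.logout();
            context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_WARN, "Invalid Login!", "Please Try Again!"));
            return "login";
        }

        // Session state is written only once the caller is both authenticated
        // and authorised.
        // NOTE(review): confirm the container rotates the session ID on login;
        // if it does not, HttpServletRequest.changeSessionId() (Servlet 3.1)
        // is the usual guard against session fixation.
        HttpSession session = Util.getSession();
        session.setAttribute("loginName", email);
        userDetailsVO.setRole(role);
        userDetailsVO.setUserName(email);
        return navigation;
    } catch (ServletException e) {
        // Raised by request.login() for an unknown username/password; a failure
        // in request.logout() also lands here and is reported the same way.
        context.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_WARN, "Invalid Login!", "Please Try Again!"));
        return "login";
    }
}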
Query
There is now a requirement to use different databases to authenticate two different sets of users. The databases cannot be merged. Is it possible to define a new security domain (shown below) and then choose a particular domain to authenticate the user based on a differentiator?
JBoss Configuration
<!--
  Proposed configuration: two security domains, each with one required
  Database login module, differing in the datasource they point at
  (mysql-1 for JSFRealm1, mysql-2 for JSFRealm2). The dotted lines stand for
  module-options the post leaves out.
  NOTE(review): each domain would need its own principalsQuery / rolesQuery,
  and the stored-password format should be checked for both databases.
-->
<security-domain name="JSFRealm1" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/jdbc/mysql-1"/>
...................................
</login-module>
</authentication>
</security-domain>
<security-domain name="JSFRealm2" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/jdbc/mysql-2"/>
.................................................
</login-module>
</authentication>
</security-domain>
jboss-web.xml
<!--
  Two candidate bindings, one per security domain.
  NOTE(review): if both are meant to sit in the same jboss-web.xml, the file
  would have two root elements and would not be well-formed XML. Confirm
  whether a single deployment can be bound to more than one security domain
  before relying on this layout.
-->
<jboss-web>
<security-domain>java:/jaas/JSFRealm1</security-domain>
</jboss-web>
<jboss-web>
<security-domain>java:/jaas/JSFRealm2</security-domain>
</jboss-web>
Please advise.
Best Regards,
Nitin