Hello, I'm researching JBoss Portal for a few projects. After browsing through the documentation, I have a few questions about JAAS and SSO. If someone has a few minutes to either go into detail on a few points or direct me to some further documentation, I'd greatly appreciate it.
As I understand the software (from the reference documentation), the permissions are mapped to roles in the jboss-portlet.xml. These roles are defined in the database and managed via the roles portlet. Obtaining authorization for a permission is done by a call to JBossRenderRequest or JBossActionRequest's hasPermission(permission) method.
Are there methods to obtain the Principal or the Subject? For instance, I will need to somehow authenticate and authorize the user in my service layer which will most likely be a remote or local EJB session facade. What would be considered the best practice for accomplishing this under your framework/API?
Also, are there any modules written for obtaining authentication/authorization against other user stores (LDAP, etc.) or is this left to the developer to implement via some custom LoginModule or other means?
If you want the principal, use req.getUserPrincipal().
There is no standard way to get the JAAS subject; however, you can use a JBoss AS specific API to get it.
For authentication, you should indeed configure the LDAP login module. But you still need to store your users in the portal database (until we have an LDAP UserModule/RoleModule).
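
The two lookups mentioned in the reply, wrapped in a small helper as an added example (not code from the thread or from JBoss Portal). The reply does not name the JBoss AS API; this sketch assumes the JACC policy context key `javax.security.auth.Subject.container` that JBoss AS exposes, and `CallerIdentity` and its method names are hypothetical.

```java
import java.security.Principal;
import java.util.Set;
import java.util.TreeSet;
import javax.portlet.PortletRequest;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/** Hypothetical helper; the class and method names are illustrative only. */
public final class CallerIdentity {

    // Assumption: JACC context key under which the container exposes the
    // authenticated caller's Subject.
    private static final String SUBJECT_KEY = "javax.security.auth.Subject.container";

    private CallerIdentity() {}

    /** Name of the authenticated user, or null for an anonymous request. */
    public static String userName(PortletRequest req) {
        Principal p = req.getUserPrincipal();
        return p == null ? null : p.getName();
    }

    /** JAAS Subject of the current call, or null if none is available. */
    public static Subject currentSubject() {
        try {
            return (Subject) PolicyContext.getContext(SUBJECT_KEY);
        } catch (PolicyContextException e) {
            // Fail closed: callers must treat null as "not authenticated".
            return null;
        }
    }

    /** Sorted names of every principal in the Subject (empty if subject is null). */
    public static Set<String> principalNames(Subject subject) {
        Set<String> names = new TreeSet<String>();
        if (subject != null) {
            for (Principal p : subject.getPrincipals()) {
                names.add(p.getName());
            }
        }
        return names;
    }
}
```

Both lookups read the identity the container established at login, so they only return a value inside a request or call that has already been authenticated.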