1 Reply Latest reply on Jan 18, 2007 2:14 PM by Boleslaw Dawidowicz

    Custom Authentication

    anu123suya Newbie

      I am authenticating using an external datasource and would like to bypass the JBoss Portal Authentication. Is this possible by complete elemination of the Portal DS?
      What will be the further implication on role management of users?


      Please help.



        • 1. Re: Custom Authentication
          Boleslaw Dawidowicz Master

          First of all PortalDS is not only for users. Portal objects, security and etc. is persisted there. Then rhere are two separate issues here:
          1) Users management - so you can keep users in any other place. Abstraction is made by implementing UserModule and RoleModule (in 2.4) plus MembershipModule and UserProfileModule (in 2.6)

          2) Authetication. JBoss Portal just plugs into JAAS in JBoss AS so in this case JBossSX. Look at login-config.xml. Portal implementation of LoginModule interface just relies on UserModule and RoleModule, and you need to inject additional role for each user (by default "Authenticated") that is used for securing Portal Servlet (look in web.xml for portal-server.war). You can use any other LoginModule implementation - just remember about portal servlet security.