jboss 7 teiid 8 login module
gamvi01 Oct 29, 2012 4:06 PM
Hi
I want to enable authentication for teiid at datasource level.
<security-domain name="teiid-security" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="chorus-teiid-security" cache-type="default">
    <authentication>
        <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="required"/>
    </authentication>
</security-domain>
<security-domain name="chorus-login-security" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
        </login-module>
        <login-module code="com.ca.mfui.chorusR2.common.security.ChorusLoginModule" flag="sufficient"/>
    </authentication>
</security-domain>
<transport name="embedded">
    <authentication security-domain="chorus-login-security"/>
</transport>
For our application, during the bootstrap process when we load the metadata, as teiid needs a connection to finish the bootstrap process, it uses the default module UsersRolesLoginModule (which would authenticate using the admin credentials), and when the application launches I want to use the logged-in user credentials to do the authentication, where I want to use ChorusLoginModule. ChorusLoginModule extends javax.security.auth.spi.LoginModule. In this login module I authenticate using the logged-in user and add that principal to the subject.
What is the difference between having <authentication security-domain="chorus-login-security"/> vs <authentication security-domain="teiid-security,chorus-teiid-security"/>?
One difference I know is:
chorus-login-security requires any of the login modules to succeed. Once it succeeds it would switch to the application. But would it throw any exception?
I keep seeing the below in my logs when I enable debug level. Is there any way I can configure UsersRolesLoginModule to be done only for the users I mention?
va.lang.String, class java.lang.String, class java.lang.String, class java.lang.String] of type PROCESSOR
19:24:20,009 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (Worker75_QueryProcessorQueue8529) Bad password for username=XXXXXXX
19:24:20,018 DEBUG [org.teiid.PROCESSOR] (Worker52_QueryProcessorQueue8202) Created intermediate sort buffer 3404
19:24:20,073 DEBUG [org.teiid.BUFFER_MGR] (Worker52_QueryProcessorQueue8202) Removing TupleBuffer: 3404
If we don't enable authentication in standalone-teiid.xml but specify a security domain in a ds file (either ldap or jdbc, etc.), would that still make authentication pass through the login module and fetch me the principal at the place I need it?
And should that datasource be defined as an XA datasource?
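
An added example, not part of the original post: a stand-alone JAAS program that runs a two-module stack with both entries flagged SUFFICIENT, in the same order as chorus-login-security above, to show which modules are consulted and when login() throws. It assumes JBoss evaluates flag="sufficient" with standard JAAS semantics; FileUsers and AppUsers are hypothetical stand-ins for UsersRolesLoginModule and ChorusLoginModule, and the user names are constructed.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SufficientStackDemo {
    /** Shared plumbing; each subclass decides which user names it accepts. */
    public abstract static class Base implements LoginModule {
        private CallbackHandler handler;
        private boolean ok;
        abstract boolean accepts(String user);
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            try { handler.handle(new Callback[] { name }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            ok = accepts(name.getName());
            System.out.println("  " + getClass().getSimpleName() + (ok ? " accepted " : " rejected ") + name.getName());
            if (!ok) throw new FailedLoginException("bad credentials");
            return true;
        }
        public boolean commit() { return ok; }   // false tells JAAS to ignore a module whose login failed
        public boolean abort() { return ok; }
        public boolean logout() { return true; }
    }
    /** Hypothetical stand-in for UsersRolesLoginModule: knows only the bootstrap account. */
    public static class FileUsers extends Base { boolean accepts(String u) { return "admin".equals(u); } }
    /** Hypothetical stand-in for ChorusLoginModule: accepts constructed application users. */
    public static class AppUsers extends Base { boolean accepts(String u) { return u != null && u.startsWith("app-"); } }

    /** Runs the SUFFICIENT/SUFFICIENT stack for one user; true if LoginContext.login() returns normally. */
    static boolean login(String user) {
        AppConfigurationEntry.LoginModuleControlFlag flag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
        AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(FileUsers.class.getName(), flag, new HashMap<String, Object>()),
            new AppConfigurationEntry(AppUsers.class.getName(), flag, new HashMap<String, Object>()) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        CallbackHandler ch = cbs -> { for (Callback c : cbs) if (c instanceof NameCallback) ((NameCallback) c).setName(user); };
        try { new LoginContext("chorus-login-security", new Subject(), ch, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        for (String u : new String[] { "admin", "app-alice", "unknown-user" })
            System.out.println(u + " -> " + (login(u) ? "authenticated" : "LoginException"));
    }
}
```

For the constructed user app-alice the first module is still consulted and rejects the name before the second module accepts it; that per-module rejection is the counterpart of the "Bad password" DEBUG line in the log above, and the overall login only throws when every module in the stack has failed.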