3 Replies Latest reply on Dec 1, 2012 11:21 AM by Jeman Leo

    Extend Security Realm TrustStore Tag

    Jeman Leo Newbie

      I am trying to extend the security realm's truststore tag to hook the application_roles.properties for permission checking in addition to the user's certificate.  I wonder if anyone have done this and/or kindly show me the underlining classes for this extension.  Please see the XML fragment below.

       

      <security-realm name="RemoteRealm">

        <authentication>

           <trustore path="mystore.jks" keystore-password="mypassword">

             <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>

           </trustore>

        </authentication>

      <authentication>

       

      Thank you very much for your help & time.

        • 1. Re: Extend Security Realm TrustStore Tag
          Darran Lofthouse Master

          What are you using this realm for?

           

          To load roles from a properties file you should add an <authorization> element after the closing </authentication element and define the properties there.

          • 2. Re: Extend Security Realm TrustStore Tag
            Jeman Leo Newbie

            Hi Darran.  This is for remoting connection from JMS and/or EJB.  We have remote apps that rely on user certificates for authentication but since every has a certificate and we don't want all to connect, we have to see if user CN=blah has a REMOTE role in the roles.properties file.

             

            I totally forgot about the <authorization> completely.  I will try that with our custom LDAP security domain login module.  Thank you very much for your time.

            • 3. Re: Extend Security Realm TrustStore Tag
              Jeman Leo Newbie

              Darran, 

               

              The <authorization/> tag element (please see below) setting seems to be ignored completely when no matching role in the application-roles.properties file for the principal name (from the certificate).  

               

              Do you happen to know the implementation class for the truststore tag element?  Thank you!!

               

                      <security-realm name="ApplicationRealm">
                          <server-identities>
                              <ssl>
                                  <keystore path="myKeyStore.jks" keystore-password="password"/>
                              </ssl>
                          </server-identities>
                          <authentication>
                              <truststore path="myTrustStore.jks" keystore-password="password"/>
                          </authentication>
                          <authorization>
                              <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                          </authorization>
                      </security-realm>