JBoss AS 7, LDAP + custom roles
chrisburrell Mar 6, 2013 4:56 PMHi
I've successfully managed to configure LDAP with JBoss. I want to source the roles elsewhere however. Can someone give me a hint as to how I would do that?
Here's the config I have so far...
jboss-web.xml
<jacc-star-role-allow>true</jacc-star-role-allow>
web.xml:
<security-constraint> <web-resource-collection> <web-resource-name>All resources</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint>
<login-config> <auth-method>BASIC</auth-method> <realm-name>MyRealm</realm-name> </login-config>
<security-domain name="other"> <authentication> <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required"> <module-option name="java.naming.provider.url" value="ldap://myldap:389/"/> <module-option name="bindDN" value="myuser"/> <module-option name="bindCredential" value="mypassword"/> <module-option name="baseCtxDN" value="..."/> <module-option name="baseFilter" value="(...={0})"/> <module-option name="uidAttributeID" value="..."/> <module-option name="roleAttributeID" value="..."/> <module-option name="roleAttributeIsDN" value="true"/> <module-option name="rolesCtxDN" value="..."/> <module-option name="roleFilter" value="(sAMAccountName={0})"/> </login-module> </authentication> </security-domain>
For example, would it be possible to give a default role to every user?
Can I derive this from a datasource?
Cheers
Chris