2 Replies Latest reply on Jul 1, 2004 7:44 AM by pedrosalazar

    JAAS and permission roles in EJB

    pedrosalazar

      Greetings,

      When I use a UsersRolesLoginModule or a DatabaseServerLoginModule, I have an explicit role field that will be used for the authorization of a specific method.

      What happens when we use a certificate, a Kerberos or an LDAP login module (I don't know if JBoss supports it, but JAAS should support it), for the authorization of secured EJBs?

      How will the roles be handled in those situations?

      regards,
      Pedro Salazar.

        • 1. Re: JAAS and permission roles in EJB
          cbrettin

          You will simply have a different login module. Roles are treated exactly the same. You can use a module that does its own role loading (such as CertRolesLoginModule and DatabaseCertLoginModule) or stack a role loading module after the authentication module as is done in the wiki example:

          http://www.jboss.org/wiki/Wiki.jsp?page=BaseCertLoginModule

          • 2. Re: JAAS and permission roles in EJB
            pedrosalazar

            OK, I think I understand how it works now:

            We add 2 levels of authentication: a certificate login module or a login role module.
            The first level of authentication would be the certificate login module, and after that, using the user/password already authenticated ("useFirstPass"), it will match the role associated in the roles.properties.

            That's just fine. I was supposing that the certificate login module could also handle the roles, but it never can do that because it was never designed for that. It must work in collaboration with a specific role login module.

            Thanks,
            Pedro Salazar.
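
The stacking discussed in this thread, as an added example that is not part of the original posts or of the JBoss wiki: a login-config.xml policy in which BaseCertLoginModule authenticates the caller and UsersRolesLoginModule, with password-stacking set to useFirstPass, only supplies the roles. The policy name, security domain and properties file names are assumed placeholders.

```xml
<!-- login-config.xml fragment (added example; "cert-domain" and the
     .properties file names are hypothetical placeholders) -->
<application-policy name="cert-domain">
  <authentication>

    <!-- Step 1: authenticate the client certificate.
         flag="required" means a failed certificate check fails the whole login,
         so the role module below never grants roles to an unverified caller. -->
    <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule"
                  flag="required">
      <!-- Publish the authenticated identity in the JAAS shared state
           so the next module in the stack can reuse it. -->
      <module-option name="password-stacking">useFirstPass</module-option>
      <!-- Security domain whose truststore is used to verify the certificate
           (assumed name). -->
      <module-option name="securityDomain">java:/jaas/cert-domain</module-option>
    </login-module>

    <!-- Step 2: role loading only.
         With useFirstPass this module accepts the identity already placed in
         shared state instead of running its own password check, then looks
         up that identity's roles. -->
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="usersProperties">cert-users.properties</module-option>
      <!-- One line per identity: name=Role1,Role2
           The name must match the user name produced by the certificate
           module, and the roles must match the EJB method permissions. -->
      <module-option name="rolesProperties">cert-roles.properties</module-option>
    </login-module>

  </authentication>
</application-policy>
```

Keep the authenticating module first and flagged required: a role module running with useFirstPass trusts whatever identity is already in shared state, so the security of the stack rests on the module ahead of it.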