2 Replies Latest reply on Jul 30, 2004 6:19 PM by sebastien

    role set with DatabaseServerLoginModule

    sebastien Newbie


      1. does the DatabaseServerLoginModule support a set of roles for a principal as does the UsersRolesLoginModule ?
      for instance I could get the following working with role.properties:


      yet when using DatabaseServerLoginModule

      INSERT INTO Roles VALUES ('sblancn', 'viewer,operator,ntwadmin', 'Roles');

      'sblancn' login fails to authenticate.

      looks like the code launches the SQL 'select Role, RoleGroup from Roles where PrincipalID=?' but then expects only one role.

      is there any way to do so with the default DB module ?

      2. any case, I need to develop some JSPs to be able to administrate the Principals and Role DB and don't want to use SQL directly. I'm planning on developing a Principals and a Roles entity beans, then implement a custom UsernamePasswordLoginModule login to call these 2 beans. is this the rigth way to go ?

      Thank you.


        • 1. Re: role set with DatabaseServerLoginModule
          Julien Dubois Newbie


          Concerning your first question, I suggest you do a "ROLE" table, with one role per user per row:
          USER ROLE
          sblancn viewer
          sblancn operator
          sblancn ntwadmin
          jdubois viewer

          Concerning your second question. Using a custom LoginModule is not really interesting:
          - I don't think it will be able to look at the EJBs in your EARs
          - It will not provide a great performance improvement (JBossSX caches the principals/roles for 30 minutes)
          - The DatabaseLoginModule is already there to do this kind of job.

          What you could do (and that's what I've done at work), is to create EJBs to manage your users/roles, and to use the DatabaseLoginModule to run SQL queries directly to your user/role tables.


          • 2. Re: role set with DatabaseServerLoginModule
            sebastien Newbie

            Thanks Julien, I swapped my method-permission and role from

            * @ejb.permission role-name="admin"


            * @ejb.permission role-name="viewer,operator,ntwadmin,admin"

            and it did the trick.