2 Replies Latest reply on Nov 3, 2004 11:58 AM by zsoltvincze

    What sort is JAAS-compatibility for JBoss?

    Yuriy Guskov Newbie

      How JBoss is JAAS-compatible? As I understand this compatibility has to be understood only from the point of view of client, right? I mean that for example LoginModules are not very JAAS-compatible and if you should write your own custom one you definitely need to inherit from one of JBoss modules. If I'm right or I'm missing something?

      Actually, as I understand internal JAAS-compatibility would be possible if I could write login module inherited from javax.security.auth.spi.LoginModule and it would work under JBoss. But when I tried such a module failed. So, my conclusion is JBoss is compatible only from the side of a client.

      Or this situation is changed in JBoss 4.0.0 which is claimed to be J2EE certified and such things...?

        • 1. Re: What sort is JAAS-compatibility for JBoss?
          Scott Stark Master

          J2EE does not define much in terms of requirements for JAAS. We have our own usage notion that is described in chap 8 of the online admin and devl guide. There is no requirement to subclass jboss JAAS login modules.

          • 2. Re: What sort is JAAS-compatibility for JBoss?
            zsoltvincze Newbie

            Yury,

            Can you share your experience on this subject with me?

            I'm trying to do exactly what you were asking about, such as, creating a module thatis inherited from the standard java login module. It seems to work fine but jboss still rejects the connection.

            I think my problem is that I'm not quite sure how I have to assign the roles to the principals.

            The simple test I'm doing is to:
            Specifies that only users in the Manager role can access the servlet
            In my login module, I somehow authenticate the user (that part runs fine) and in its commit method I try to add Manager to the subject.getPrincipals().

            Could you help me to fiure out how this should be done as I cannot find any document that would specify this.

            I tried
            getPrincipals(add (new MyPrincipal("Manager")))
            but , as I said, jboss rejects the access with a
            "Access to the requested resource has been denied" message after I type my credentials and my loginmodule runs.

            Thanks in advance.