1 Reply Latest reply on Jul 30, 2005 12:12 PM by starksm64

JAAS/LDAP - retrieve user roles from ldap using ldaploginmod

sivaprasad_u Jul 21, 2005 10:26 AM

Hi,

Ldaploginmodule of Jboss does the authentication and authorization. (Sample code provided below)

Assume that ldaploginmodule configured in auth.conf , users & roles are configured in ldap.

logincontext.login() --> This performs authentication with LDAP using ldaploginmodule, Also retrieves the roles assigned to that user and assign them to one of the ldaploginmodule attribute.

These roles can be retrieved using gerRoleSets() method of ldaploginmodule.

As the Client directly not interacting with ldaploginmodule instead this module has being called form logincontext class. Logincontext class does not provide methods to call gerRolesSet().

How to retrieve these user roles? does this retrieval using logincontext or any other alternate approach?

Sample Code:

try {
System.getProperties().setProperty("java.security.auth.login.config",TestConnect.class.getClassLoader().getResource("ldap.conf").toExternalForm());
LoginContext loginContext = new LoginContext("ldapClient", new
UsernamePasswordCallbackHandler("username", "password"));
loginContext.login();

// How to retrieve the user roles from ldaploginmodule

} catch (NamingException e) {
e.printStackTrace();
} catch (RemoteException e) {
e.printStackTrace();
} catch (CreateException e) {
e.printStackTrace();
} catch (LoginException e) {
e.printStackTrace();
}

1. Re: JAAS/LDAP - retrieve user roles from ldap using ldaplogi

starksm64 Jul 30, 2005 12:12 PM (in response to sivaprasad_u)

Read the security chapter in the admin/devel guide for the details. The roles (and any information for that matter) is always in the Subject since that is the only accessible by-product of a jaas authentication.

http://www.jboss.org/products/jbossas/docs
Actions