No, this is not notion that the DatabaseServerLoginModule supports so you would have to write a custom version.
while configuring DatabaseServerLogin module,
just curious on why can't the rolesQuery contain rolegroup value ?
<module-option name = "rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
where RoleGroup value could be group1,group2 etc
If this is possible, then I may not have to write the custom DB login module. Could you please clarify this ?
Look at the source to understand why this would have no affect. If you create a custom version that you think is a generalization that should be incorporated create a jira issue for the updated version:
I did look at the code for DataBaseServerLoginModule which calls Util.getRoleSets(...) method.
String name = rs.getString(1);
String groupName = rs.getString(2);
if( groupName == null || groupName.length() == 0 )
groupName = "Roles";
Group group = (Group) setsMap.get(groupName);
if( group == null )
group = new SimpleGroup(groupName);
It is retriving the group name from the DB and creating the Group properly. So, I should be expecting the rolesquery to rerive group name.
sorry, if am I missing something ?
That as described in chap8 of the dev guide, only the Roles group is used for matching the j2ee descriptor roles. Read the current usage of the subject roles and come up with something different: