-
1. Re: group based authentication
starksm64 Nov 30, 2005 12:53 AM (in response to ralluri)No, this is not notion that the DatabaseServerLoginModule supports so you would have to write a custom version.
-
2. Re: group based authentication
ralluri Dec 27, 2005 11:09 AM (in response to ralluri)while configuring DatabaseServerLogin module,
just curious on why can't the rolesQuery contain rolegroup value ?
For example:
<module-option name = "rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
where RoleGroup value could be group1,group2 etc
If this is possible, then I may not have to write the custom DB login module. Could you please clarify this ? -
3. Re: group based authentication
starksm64 Dec 27, 2005 2:12 PM (in response to ralluri)Look at the source to understand why this would have no affect. If you create a custom version that you think is a generalization that should be incorporated create a jira issue for the updated version:
http://jira.jboss.com/jira/browse/JBAS -
4. Re: group based authentication
ralluri Dec 27, 2005 2:39 PM (in response to ralluri)I did look at the code for DataBaseServerLoginModule which calls Util.getRoleSets(...) method.
====
String name = rs.getString(1);
String groupName = rs.getString(2);
if( groupName == null || groupName.length() == 0 )
groupName = "Roles";
Group group = (Group) setsMap.get(groupName);
if( group == null )
{
group = new SimpleGroup(groupName);
setsMap.put(groupName, group);
}
====
It is retriving the group name from the DB and creating the Group properly. So, I should be expecting the rolesquery to rerive group name.
sorry, if am I missing something ? -
5. Re: group based authentication
starksm64 Dec 27, 2005 2:51 PM (in response to ralluri)That as described in chap8 of the dev guide, only the Roles group is used for matching the j2ee descriptor roles. Read the current usage of the subject roles and come up with something different:
http://www.jboss.com/products/jbossas/docs