3 Replies Latest reply on May 23, 2006 10:23 AM by chris griffith

    structure of rolesQuery

    Yogendra Rampuria Newbie

      I have no clue if this has been covered before.

      While defining application-policy in login-config.xml in the roles query i have to fram the query like this

      Select somecollumn , 'Roles' from sometable where some_user_id = ?

      Is it so that the second collumn should always be 'Roles'?

      I got the authentication working through this type of query. Earlier when I tried to query some other column in that place my roles were not assigned as a result I was getting authenticated but had no access to resources asking for specific role, even when the database was configured for the same.

      Also, I have a standalone Tomcat server for development. I would like that server to use the authentication policy defined on jboss application server. is there a way to do it?

        • 1. Re: structure of rolesQuery
          chris griffith Expert


          If you read jboss server guide section (http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#ch8.dabaseserverloginmodule.sect)
          , you will see how this module works. To answer your first question. It depends on your database. If your table that stores roles has a column to allow you to group your roles, then you would use that column. One good use of this concept is if a user has different roles for different applications. Thus at login time, you really only want the roles for user in app x. Then your second column of the query could use this value to select only roles for that app.

          Please clarify your second question. Do you want your standalone Tomcat to actually defer security to the JBoss container? Or do you just want to use the policy definition?


          • 2. Re: structure of rolesQuery
            Yogendra Rampuria Newbie

            I would like the tomcat server to refer the auth policy (bound to some jndi name) defined in jboss.
            I know that the jndi name is java:/jaas/XXXX making it inaccessible from out side. what could be done?

            one idea that i have is to write a login module(JAAS) and make sql query to the datasource same as being used by the jboss authentication policy.

            • 3. Re: structure of rolesQuery
              chris griffith Expert


              In the past, I may have thought this was possible, but now I do not think there is any means already to do that. I do know that if you could access JBoss's mbean server, you could get the SecurityMangerServiceMBean and defer authentication to it. Sorry, I could not be of more help as I have never tried this. I hope someone else in this forum could add to this.