3 Replies Latest reply on Oct 26, 2005 10:07 PM by Scott Stark

    Add User Profile Data to login module

    Andrew Oliver Master

      For JBMS, I need some additional data associated with users that is arguably security related (for instance list of aliases and "default alias"). While I could come up with an additional construct for this, it will largely be a replica of the login module. Instead, I would like to add an additional interface which login modules can comply with.

      LmProfileExt {
      Object getValue(String key);
      }

      In addition I'd like to add optional options to the properties file, ldap and database login modules which in essence are an additional query (in the case of DB/LDAP) that gets key value pairs (duplicates allowed) associated with the user.

      For JBMS this would be for example:

      defaultAlias=myusername@here.com
      alias=myusername@here.com
      alias=myusername@there.com
      alias=first.last@here.com
      alias=first.last@there.com

      These key/value pairs would be stored in the CachePolicy (which is the interface to the cache) but rolled up into a single Map which would be stored under the key "profile". If the key/value pairs are duplicated then the key will be unified with a "set" in the value.

      Would this be acceptable? Any issues? Questions?

        • 1. Re: Add User Profile Data to login module
          Scott Stark Master

          How would the LmProfileExt be used, from the base class that subclass may implement? This is pretty much just a particular implementation of a CallbackHandler with a map type Callback so you could just use that and not require any specific contract be implemented by the login module. Instead, a CallbackHandler would be specified along with one or more Callback instances to populate. The problem is how to map the value into the subject.

          The additional queries seem fine.

          • 2. Re: Add User Profile Data to login module
            Andrew Oliver Master

            I'd probably just put it on the subclasses that implement it, since some login modules may not have extended properties.

            This can be JBoss specific, how about SecurityAssociation.getExtendedSubject() which returns ExtendedSubject which has the gets for the profile and "getSubject" for the normal subject?

            • 3. Re: Add User Profile Data to login module
              Scott Stark Master

              The SecurityAssociation is fragile to extend so I would be relucant to do that until we look further into what is required to integration with security frameworks like saml that also allow for extended subject attributes. Its not clear how this fits into the jaas authentication layer.