4 Replies Latest reply on Jun 28, 2006 1:16 PM by Scott Stark

    JBAS-1477: Pass in the security-domain name to the login mod

    chris griffith Expert

      This thread refers to task http://jira.jboss.com/jira/browse/JBAS-1477.

      This simple task is to allow a login module to know what application-policy (i.e. security-domain) it is a member of. This is useful to diagnose configuration problems that default to "other" security domain. However, there are several ways to do this task. The major factors in the decision seem to me to be how deep a change do we want to make and how much user interaction do we want to get this to work. Three options I have come up with are...

      1) just add a new module option to AbstractServerLoginModule called securityDomain. If set in config to name of application-policy then it can be displayed during LM init(). This is the easiest to due, requires the least amount of JBossSX changes, but requires a user to add the module-option value in config.

      2) do #1 and modify XMLLoginConfigIml to automatically set the option. This makes the user not have to worry about anything.

      3) follow my original suggestion in JIRA task. Make a SecurityDomainCallback that can be obtained from LM along with other modifications. This also would require no user interaction, but causes the most amount of change to JBossSX.

      I am not sure how you feel about the sometimes competing issues of user friendlieness vs. extent of JBoss modification. Any suggestions appreciated.

      thanks, cgriffith