0 Replies Latest reply on Jan 18, 2008 6:24 PM by Anil Saldanha

    Role generation and mapping

    Anil Saldanha Master

      Role Generation:
      Historically, we have had role generation as part of the JAAS authentication process we do. The login modules populate the subject with a group called as "Roles". I want to provide RoleGeneration facilities at the security domain level. We will still maintain legacy role generation expectations as part of the Jaas layer.

      Use case: User may perform authentication against the ldap server using a custom login module not inheriting from JBoss AbstractServerLoginModule. Then can use JBoss RoleGeneration modules specified at the security domain to generate the roles from a DB, LDAP server, properties file wherever.

      Role Mapping:
      Once the roles are generated and placed into the security context, the users can always apply mapping modules to the roles in the context.

      Use case: As part of the security domain, for a particular principal, a set of roles are generated. The security domain is not dependent on a particular application or deployment. But an user may wish to apply specific mapping to roles based on the deployment or principal name or resource type etc.

      I am looking for feedback mainly on the role generation part.