[jboss-dev-forums] [JBoss AS 7 Development] - Re: Remote client access with database login module: user name and password are UUIDs

andrei povodyrev do-not-reply at jboss.com
Fri Mar 16 15:06:17 EDT 2012 

andrei povodyrev [https://community.jboss.org/people/apovodyrev] created the discussion

"Re: Remote client access with database login module: user name and password are UUIDs"

To view the discussion, visit: https://community.jboss.org/message/724406#724406

--------------------------------------------------------------
Daniel,
I use Jboss 7.1.0. password-stacking will work if you have more than one LoginModule. Say, you leave security realm for remoting unchanged (ApplicationRealm configured by application-users.properties),  Then org.jboss.as.security.remoting.RemotingLoginModule will place principal in the sharedState map maintained by javax.security.auth.login.LoginContext. Then your DatabseServerLoginModule gets its turn it will pick the pricipal cached by RemotingLoginModule. If <module-option name="password-stacking" value="useFirstPass"/> is enabled. 

Your suggestion for dummy LoginModule is good. There you can place principal/credential supplied by remote client(remote.connection.default.username/password) into sharedState which in turn will be picked up by any other LoginModule in the array of applications deployed on this jboss instance.

I see configuration could be like this
|              | <security-realm name="ApplicationRealm"> |
|                  | <authentication> |
|                      | <jaas name="my-dummy-domain"/> |
|                  | </authentication> |
|              | </security-realm> |

|              | <security-domain name="my-dummy-domain" cache-type="default"> |
|                  | <authentication> |
|                      | <login-module code="MyDummyLoginModule" flag="required"> |
|                          | <module-option name="password-stacking" value="useFirstPass"/> |
|                      | </login-module> |
|                  | </authentication> |
|              | </security-domain> |

|              | <security-domain name="myRealDomain" cache-type="default"> |
|                  | <login-module code="Database" flag="required"> |
|                      | <module-option name="password-stacking" value="useFirstPass"/> |
|                      | <module-option name="dsJndiName" value=""/> |
|                      | <module-option name="principalsQuery" value="select password ..?"/> |
|                      | <module-option name="rolesQuery" value="select ur.role, 'Roles' from ..."/> |
|                  | </login-module> |
|              | </security-domain> |

Pls, let me know if you use your dummy loginmodule in a similar way
Andrei
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/724406#724406]

Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120316/92a931bd/attachment.html

More information about the jboss-dev-forums mailing list