[jboss-dev-forums] [JBoss AS 7 Development] - Re: Remote client access with database login module: user name and password are UUIDs
andrei povodyrev
do-not-reply at jboss.com
Fri Mar 16 15:06:17 EDT 2012
andrei povodyrev [https://community.jboss.org/people/apovodyrev] created the discussion
"Re: Remote client access with database login module: user name and password are UUIDs"
To view the discussion, visit: https://community.jboss.org/message/724406#724406
--------------------------------------------------------------
Daniel,
I use Jboss 7.1.0. password-stacking will work if you have more than one LoginModule. Say, you leave security realm for remoting unchanged (ApplicationRealm configured by application-users.properties), Then org.jboss.as.security.remoting.RemotingLoginModule will place principal in the sharedState map maintained by javax.security.auth.login.LoginContext. Then your DatabseServerLoginModule gets its turn it will pick the pricipal cached by RemotingLoginModule. If <module-option name="password-stacking" value="useFirstPass"/> is enabled.
Your suggestion for dummy LoginModule is good. There you can place principal/credential supplied by remote client(remote.connection.default.username/password) into sharedState which in turn will be picked up by any other LoginModule in the array of applications deployed on this jboss instance.
I see configuration could be like this
| | <security-realm name="ApplicationRealm"> |
| | <authentication> |
| | <jaas name="my-dummy-domain"/> |
| | </authentication> |
| | </security-realm> |
| | <security-domain name="my-dummy-domain" cache-type="default"> |
| | <authentication> |
| | <login-module code="MyDummyLoginModule" flag="required"> |
| | <module-option name="password-stacking" value="useFirstPass"/> |
| | </login-module> |
| | </authentication> |
| | </security-domain> |
| | <security-domain name="myRealDomain" cache-type="default"> |
| | <login-module code="Database" flag="required"> |
| | <module-option name="password-stacking" value="useFirstPass"/> |
| | <module-option name="dsJndiName" value=""/> |
| | <module-option name="principalsQuery" value="select password ..?"/> |
| | <module-option name="rolesQuery" value="select ur.role, 'Roles' from ..."/> |
| | </login-module> |
| | </security-domain> |
Pls, let me know if you use your dummy loginmodule in a similar way
Andrei
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/724406#724406]
Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120316/92a931bd/attachment.html
More information about the jboss-dev-forums
mailing list