[jboss-user] [Security & JAAS/JBoss] - JAAS: Where do I begin?

[Steve++]

[JAAS-RAGE]I have been googling the whole day trying to figure out how to get started with JAAS on JBoss. I already know the non-JAAS stuff, such as annotating session bean methods with roles. I thought I would be able to write my own username/password authentication in a stateless session bean and have it create a stateful session bean with the appropriate role (or should I say Principal), but there seems to be know way to programmatically set the role. Roles seem to be only statically defined.

So I am at the mercy of JAAS. But there is absolutely no useful documentation that explains how to use username/password authentication to set the Principle (or whatever it is called). I have looked at the article referenced in the sticky, but all it does is give the inner workings down to every minute detail of how JBoss implements JAAS, whereas all i need is the 5 or so lines that show me how to use it.

Does such documentation exist?

I also need to know how to actually create usernames/passwords/roles from an admin perspective. There seems to be absolutely zero information about this. It seems like only the implementors of JAAS know how to use JAAS. Or maybe they don't, because if they did then they would probably write a proper tutorial on how to use it (rather than having us indulge their egoes by sifting through reams of waffle only to find nothing useful).

It seems like my best option right now would be to screw the 50 layers of abstraction i have to cut through to use this and implement security myself.

Unless someone can point me in the right direction.
[/JAAS-RAGE]

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3996697#3996697

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3996697