[jboss-user] [Security & JAAS/JBoss] - Re: writing new LoginModul - unable to replace Principal ??

info@connext.co.za do-not-reply at jboss.com
Wed Sep 13 09:12:54 EDT 2006


Good Day,

There are two parts to this:
1. Customise the Principal class
2. Retrieving the CallingPrincipal

1. Customise the Principal class
By default the LoginModules in JBoss make use of the SimplePrincipal class to denote principals in the system. It is easy to change the principal that the LoginModules create by setting the principalClass of the LDAPLoginModule in login-conf.xml

Example
<module-option name="principalClass">za.co.connext.jboss.LDAPPrincipal</module-option>

Just remember that the Principal class needs a constructor that takes the name of the user as a parameter.

2. Retrieving the CallingPrincipal
To enable the session context to retrieve the caller principal, the login module should save the information in the Subject.

The easiest way is to create a SimpleGroup with the name CallerPrincipal and add your principal object to it. Add the CallerPrincipal group to the principals collection of the subject. You should check the principals collection first to determine if the CallerPrincipal group was added by a LoginModule further up the chain. All of this should be done in the commit method of the LoginModule. In my implementations when using JBoss, I always do a super.commit() before adding my custom logic in the commit method.

Hope this helps.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971262#3971262
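
The commit() steps described in part 2 of the post, as an added example that is not part of the original post or of JBoss itself. It assumes the module extends JBoss's org.jboss.security.auth.spi.LdapLoginModule; the package and class name are hypothetical, and leaving an existing CallerPrincipal member untouched is an assumption about how to treat a group added earlier in the chain.

```java
package example.security; // hypothetical package name

import java.security.Principal;
import java.security.acl.Group;
import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.LdapLoginModule;

/** Hypothetical subclass that publishes the custom principal as the caller principal. */
public class CallerPrincipalLdapLoginModule extends LdapLoginModule {

    private static final String CALLER_PRINCIPAL = "CallerPrincipal";

    public boolean commit() throws LoginException {
        // Let the JBoss base class populate the Subject before the custom logic.
        if (!super.commit()) {
            return false;
        }

        // Look for a CallerPrincipal group added by a module further up the chain.
        Group callerGroup = null;
        for (Group g : subject.getPrincipals(Group.class)) {
            if (CALLER_PRINCIPAL.equals(g.getName())) {
                callerGroup = g;
                break;
            }
        }
        if (callerGroup == null) {
            callerGroup = new SimpleGroup(CALLER_PRINCIPAL);
            subject.getPrincipals().add(callerGroup);
        }

        // Assumption: if an earlier module already set a caller principal, keep it.
        if (!callerGroup.members().hasMoreElements()) {
            // getIdentity() is the principal created during login(); with the
            // principalClass module option set, it is an instance of that class.
            Principal identity = getIdentity();
            callerGroup.addMember(identity);
        }
        return true;
    }
}
```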
