[jboss-dev-forums] [JBoss AS 7 Development] - Re: Remote client access with database login module: user name and password are UUIDs

andrei povodyrev [https://community.jboss.org/people/apovodyrev] created the discussion "Re: Remote client access with database login module: user name and password are UUIDs" To view the discussion, visit: https://community.jboss.org/message/724406#724406 -------------------------------------------------------------- Daniel, I use Jboss 7.1.0. password-stacking will work if you have more than one LoginModule. Say, you leave security realm for remoting unchanged (ApplicationRealm configured by application-users.properties),  Then org.jboss.as.security.remoting.RemotingLoginModule will place principal in the sharedState map maintained by javax.security.auth.login.LoginContext. Then your DatabseServerLoginModule gets its turn it will pick the pricipal cached by RemotingLoginModule. If <module-option name="password-stacking" value="useFirstPass"/> is enabled. Your suggestion for dummy LoginModule is good. There you can place principal/credential supplied by remote client(remote.connection.default.username/password) into sharedState which in turn will be picked up by any other LoginModule in the array of applications deployed on this jboss instance. I see configuration could be like this |             | <security-realm name="ApplicationRealm"> | |                 | <authentication> | |                     | <jaas name="my-dummy-domain"/> | |                 | </authentication> | |             | </security-realm> | |             | <security-domain name="my-dummy-domain" cache-type="default"> | |                 | <authentication> | |                     | <login-module code="MyDummyLoginModule" flag="required"> | |                         | <module-option name="password-stacking" value="useFirstPass"/> | |                     | </login-module> | |                 | </authentication> | |             | </security-domain> | |             | <security-domain name="myRealDomain" cache-type="default"> | |                 | <login-module code="Database" flag="required"> | |                     | <module-option name="password-stacking" value="useFirstPass"/> | |                     | <module-option name="dsJndiName" value=""/> | |                     | <module-option name="principalsQuery" value="select password ..?"/> | |                     | <module-option name="rolesQuery" value="select ur.role, 'Roles' from ..."/> | |                 | </login-module> | |             | </security-domain> | Pls, let me know if you use your dummy loginmodule in a similar way Andrei -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/724406#724406] Start a new discussion in JBoss AS 7 Development at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]