JBoss Community

Re: Remote client access with database login module: user name and password are UUIDs

created by andrei povodyrev in JBoss AS 7 Development - View the full discussion

Daniel,

I use Jboss 7.1.0. password-stacking will work if you have more than one LoginModule. Say, you leave security realm for remoting unchanged (ApplicationRealm configured by application-users.properties), Then org.jboss.as.security.remoting.RemotingLoginModule will place principal in the sharedState map maintained by javax.security.auth.login.LoginContext. Then your DatabseServerLoginModule gets its turn it will pick the pricipal cached by RemotingLoginModule. If <module-option name="password-stacking" value="useFirstPass"/> is enabled.

Your suggestion for dummy LoginModule is good. There you can place principal/credential supplied by remote client(remote.connection.default.username/password) into sharedState which in turn will be picked up by any other LoginModule in the array of applications deployed on this jboss instance.

I see configuration could be like this

	<security-realm name="ApplicationRealm">
	<authentication>
	<jaas name="my-dummy-domain"/>
	</authentication>
	</security-realm>

	<security-domain name="my-dummy-domain" cache-type="default">
	<authentication>
	<login-module code="MyDummyLoginModule" flag="required">
	<module-option name="password-stacking" value="useFirstPass"/>
	</login-module>
	</authentication>
	</security-domain>

	<security-domain name="myRealDomain" cache-type="default">
	<login-module code="Database" flag="required">
	<module-option name="password-stacking" value="useFirstPass"/>
	<module-option name="dsJndiName" value=""/>
	<module-option name="principalsQuery" value="select password ..?"/>
	<module-option name="rolesQuery" value="select ur.role, 'Roles' from ..."/>
	</login-module>
	</security-domain>

Pls, let me know if you use your dummy loginmodule in a similar way

Andrei

Reply to this message by going to Community

Start a new discussion in JBoss AS 7 Development at Community