[jboss-dev-forums] [Design of Security on JBoss] - Role generation and mapping

Role Generation: Historically, we have had role generation as part of the JAAS authentication process we do. The login modules populate the subject with a group called as "Roles". I want to provide RoleGeneration facilities at the security domain level. We will still maintain legacy role generation expectations as part of the Jaas layer. Use case: User may perform authentication against the ldap server using a custom login module not inheriting from JBoss AbstractServerLoginModule. Then can use JBoss RoleGeneration modules specified at the security domain to generate the roles from a DB, LDAP server, properties file wherever. Role Mapping: Once the roles are generated and placed into the security context, the users can always apply mapping modules to the roles in the context. Use case: As part of the security domain, for a particular principal, a set of roles are generated. The security domain is not dependent on a particular application or deployment. But an user may wish to apply specific mapping to roles based on the deployment or principal name or resource type etc. I am looking for feedback mainly on the role generation part. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121462#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...