Yes, I can.
What I want to achieve is what Adrian suggested in his first post in this thread:
anonymous wrote :
| make security domains deployable inside the MC by writing a BeanMetaDataFactory
|
| <bean name="Whatever" ...>
|   <property name="securityDomain"><inject name="jbossmq" property="securityDomain"/></property>
| </bean>
|
| <application-policy xmlns="urn:jboss-security-beans:1.0" name="jbossmq">
|   <authentication>
|     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
|       <module-option name="unauthenticatedIdentity">guest</module-option>
|       <module-option name="dsJndiName">java:/DefaultDS</module-option>
|       <module-option name="principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
|       <module-option name="rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
|     </login-module>
|   </authentication>
| </application-policy>
|
I've started by taking a look at the aop-mc integration, as AOP had to define their
beans and metadata factories to make it possible to use the aop elements in the -beans.xml
files.
So I've created a module, security-mc-int under the microcontainer project (not sure
it should be there, just using the same approach AOP has taken), defined the beans,
defined the security-beans.xsd, and started the implementation of the metadata factory.
This factory is responsible for providing the metadata that is used to create the beans
from the information parsed. An example of the beans that would result from the factory
follows:
| <bean name="jbossmq" class="org.jboss.security.microcontainer.beans.ApplicationPolicyBean">
|   <property name="authenticationPolicy"><inject bean="jbossmq$AuthPolicy"/></property>
| </bean>
|
| <bean name="jbossmq$AuthPolicy" class="org.jboss.security.microcontainer.beans.AuthenticationPolicyBean">
|   <property name="loginModules">
|     <list>
|       <inject bean="jbossmq$LoginModule1"/>
|       <inject bean="jbossmq$LoginModule2"/>
|     </list>
|   </property>
| </bean>
|
| <bean name="jbossmq$LoginModule1" class="org.jboss.security.microcontainer.beans.LoginModuleBean">
|   <property name="flag">required</property>
|   <property name="code">org.jboss.security.auth.spi.UsersRolesLoginModule</property>
|   <property name="moduleOptions">
|     <map keyClass="java.lang.String" valueClass="java.lang.String">
|       <entry>
|         <key>usersProperties</key>
|         <value>jboss-users.properties</value>
|       </entry>
|       <entry>
|         <key>rolesProperties</key>
|         <value>jboss-roles.properties</value>
|       </entry>
|     </map>
|   </property>
| </bean>
|
| <bean name="jbossmq$LoginModule2" class="org.jboss.security.microcontainer.beans.LoginModuleBean">
|   <property name="flag">optional</property>
|   <property name="code">org.jboss.security.auth.spi.DatabaseServerLoginModule</property>
|   <property name="moduleOptions">
|     <map keyClass="java.lang.String" valueClass="java.lang.String">
|       <entry>
|         <key>principalsQuery</key>
|         <value>SELECT PASSWD FROM USERS WHERE USER_ID=?</value>
|       </entry>
|       <entry>
|         <key>rolesQuery</key>
|         <value>SELECT ROLE_ID, 'Roles' FROM ROLES WHERE USER_ID=?</value>
|       </entry>
|     </map>
|   </property>
| </bean>
|
The top-level ApplicationPolicyBean would, after being initialized, push the
ApplicationPolicy to the security layer to register the new policy (along with the login
modules configuration).
I still have to figure out a couple of things. First, can I add post-installation behavior
to my beans just by implementing the install and uninstall methods or is it necessary to
configure an aop lifecycle for that? Second, I don't expect things to magically happen
just by defining the metadata factory. Somehow I must bind it to the schema being parsed
(that is, somehow the MC must know which factory to use when facing an application-policy
element).
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146902#...
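The expansion described in the post, from one application-policy element to a flat set of named beans, sketched as an added example that is not code from the post or from JBoss. `PolicyExpansion` and `BeanDesc` are hypothetical names, no microcontainer API is used, the sample XML is constructed, and records require Java 16 or later.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class PolicyExpansion {
    static final String NS = "urn:jboss-security-beans:1.0";
    static final String PKG = "org.jboss.security.microcontainer.beans.";
    // Hypothetical flat descriptor standing in for the microcontainer's bean metadata.
    record BeanDesc(String name, String type, Map<String, Object> properties) {}
    // Constructed sample input, modelled on the application-policy element in the post.
    static final String SAMPLE =
        "<application-policy xmlns='" + NS + "' name='jbossmq'><authentication>"
      + "<login-module code='org.jboss.security.auth.spi.UsersRolesLoginModule' flag='required'>"
      + "<module-option name='usersProperties'>jboss-users.properties</module-option></login-module>"
      + "<login-module code='org.jboss.security.auth.spi.DatabaseServerLoginModule' flag='optional'>"
      + "<module-option name='dsJndiName'>java:/DefaultDS</module-option></login-module>"
      + "</authentication></application-policy>";

    static List<BeanDesc> expand(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Policy files are configuration: refuse DOCTYPEs, and with them external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element policy = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        String domain = policy.getAttribute("name");
        List<BeanDesc> beans = new ArrayList<>();
        List<String> refs = new ArrayList<>();
        NodeList modules = policy.getElementsByTagNameNS(NS, "login-module");
        for (int i = 0; i < modules.getLength(); i++) {
            Element m = (Element) modules.item(i);
            Map<String, String> options = new LinkedHashMap<>();
            NodeList opts = m.getElementsByTagNameNS(NS, "module-option");
            for (int j = 0; j < opts.getLength(); j++) {
                Element o = (Element) opts.item(j);
                options.put(o.getAttribute("name"), o.getTextContent().trim());
            }
            refs.add(domain + "$LoginModule" + (i + 1)); // naming scheme taken from the post
            beans.add(new BeanDesc(refs.get(i), PKG + "LoginModuleBean",
                Map.of("flag", m.getAttribute("flag"), "code", m.getAttribute("code"), "moduleOptions", options)));
        }
        // Parents go first, in the order the post lists them; string values name the injected beans.
        beans.add(0, new BeanDesc(domain + "$AuthPolicy", PKG + "AuthenticationPolicyBean", Map.of("loginModules", refs)));
        beans.add(0, new BeanDesc(domain, PKG + "ApplicationPolicyBean", Map.of("authenticationPolicy", domain + "$AuthPolicy")));
        return beans;
    }
    public static void main(String[] a) throws Exception { expand(SAMPLE).forEach(System.out::println); }
}
```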