[JBoss Portal] - Re: JBoss Portal LDAP Setup
by dhartford
That's great bdaw!!
I would like to carry over roles from the LDAP, but since the Portal may have new roles I was going with the use-case of moving all the roles to the portal-oriented-DB.
With that last option for the SynchronizingLdapLoginModule:
- authenticate against LDAP + synchronize ldap user into portal DB + assign such user to specified portal role + try to synchronize all the roles obtained for such user from LDAP into portal DB
That is perfect for my use case, and probably other people with similar scenarios. I look forward to checking out the Beta release (pending the date), or may grab from SVN if I have an opportunity.
Do you have a direct-sample related to the last option for the login-config.xml and related portal identity-* configs (tying the two-to-three configs together is part of the challenge)?
p.s. I really like the idea of re-using my existing login modules instead of re-setting it up in the portal identity files, thank you :-)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018925#4018925
19 years, 2 months
[JBoss Portal] - Re: JBoss Portal LDAP Setup
by bdaw
I recently added SynchronizingLdapLoginModule, which extends LdapLoginModule from JBossSX, and SynchronizingLdapExtLoginModule, which does the same for LdapExtLoginModule. You can use them to:
- just authenticate against LDAP + inject additional role principal which is used to secure portal application
- authenticate against LDAP + synchronize ldap user into portal DB
- authenticate against LDAP + synchronize ldap user into portal DB + assign such user to specified portal role
- authenticate against LDAP + synchronize ldap user into portal DB + assign such user to specified portal role + try to synchronize all the roles obtained for such user from LDAP into portal DB
As you see, it can be quite flexible. It's in SVN trunk and will be in the beta, but there is no documentation. Just look at the commented block of code in login-config.xml - minimal documentation is in the comment block.
You need to remember that it's hard to decouple users and roles because of the relationship. So you can't just keep users in LDAP and roles in DB.
With the current identity modules implementation you can keep most information about users directly in LDAP anyway. This is documented for beta.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018915#4018915
19 years, 2 months
[Security & JAAS/JBoss] - Re: Latest JAAS Tutorial for Database communication
by aleksab
What about when you want to secure a client?
I've added a policy to the conf/login-config.xml, which seems to work. It connects to the database, but the username is always null (found out by examining the MySQL log).
In the client I'm using a LoginContext, and I've included
| <login-module code="org.jboss.security.ClientLoginModule" flag="required">
| <module-option name="restore-login-identity">true</module-option>
| </login-module>
|
in the conf/login-config.xml like the FAQ says I must do in order for the authentication info to propagate to the called component.
But the principal (and password I assume) is never propagated.
My client looks like this:
| LoginContext loginContext = new LoginContext("pn-login", new CallbackHandler());
| loginContext.login();
|
| Hashtable<String, String> env = new Hashtable<String, String>();
| env.put(InitialContext.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.NamingContextFactory");
| env.put(InitialContext.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
| env.put(InitialContext.PROVIDER_URL, "jnp://localhost:1099");
|
| Context ctx = new InitialContext(env);
| SecurityBean bean = (SecurityBean) ctx.lookup("SecurityBeanImpl/remote");
|
When I call
| System.out.println("Unsecure string: " + bean.getSimpleString());
|
I get this exception:
| javax.security.auth.login.FailedLoginException: No matching username found in Principals
|
What am I doing wrong? Been struggling with this for some time now...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018914#4018914
19 years, 2 months