Author: bdaw
Date: 2007-03-05 11:29:15 -0500 (Mon, 05 Mar 2007)
New Revision: 6541
Modified:
docs/trunk/referenceGuide/en/modules/authentication.xml
Log:
addons for Authentication chapter
Modified: docs/trunk/referenceGuide/en/modules/authentication.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 14:56:52 UTC (rev
6540)
+++ docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 16:29:15 UTC (rev
6541)
@@ -21,15 +21,15 @@
<title>JAAS Login Modules</title>
<para>JBoss Portal comes with few implementations of JAAS
<emphasis>LoginModule</emphasis> interface</para>
<sect2>
- <title>IdentityLoginModule</title>
+ <title>org.jboss.portal.identity.auth.IdentityLoginModule</title>
<para>TODO</para>
</sect2>
<sect2>
- <title>DBIdentityLoginModule</title>
+ <title>org.jboss.portal.identity.auth.DBIdentityLoginModule</title>
<para>TODO</para>
</sect2>
<sect2>
- <title>SynchronizingLdapLoginModule</title>
+
<title>org.jboss.portal.identity.auth.SynchronizingLdapLoginModule</title>
<para>
Use can use this module instead of IdentityLoginModule to bind to LDAP.
<emphasis>org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule</emphasis>
class is a wrapper around
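Review bot: The new title spells the class SynchronizingLdapLoginModule, but the paragraph directly below it still names org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule (upper-case LDAP). The title now carries the fully qualified name that readers will copy into a login configuration, so both spellings should match the actual class name. In the same paragraph, "Use can use this module" should read "You can use this module". The two sections above get fully qualified titles but still contain only a TODO paragraph.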
@@ -77,7 +77,7 @@
For obvious reasons this is designed to use with portal identity modules
configured with DB and not LDAP</para>
</sect2>
<sect2>
- <title>SynchronizingLdapExtLoginModule</title>
+
<title>org.jboss.portal.identity.auth.SynchronizingLdapExtLoginModule</title>
<para>All options that apply for
<emphasis>SynchronizingLdapLoginModule</emphasis> also apply here. It's
the same kind of wrapper
made around <ulink
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule&quo...
from JBossSX.
Sample configuration can look like this:</para>
@@ -110,5 +110,52 @@
</mbean>]]>
</programlisting>
</sect2>
+ <sect2>
+
<title>org.jboss.portal.identity.auth.SynchronizingLoginModule</title>
+ <para>
+ This module is designed to provide synchronization support for any other
LoginModule placed in the authentication stack.
+ It leverages the fact that in JAAS authentication process occurs in two
phases. In first phase when login() method is invoked
+ it always returns "true". Because of this behaviour
<emphasis>SynchronizingLoginModule</emphasis> should be always used with
+ "optional" flag..
+ Morover it should be placed after module we want to leverage as a source for
synchronization and this module should have "required" flag set.
+ During the second phase when commit() method is invoked it gets user
<emphasis>Subject</emphasis> and its
<emphasis>Principal</emphasis>s
+ and tries to synchronize them into storage configured for portal identity
modules. For this purposes such options are supported:
+ <itemizedlist>
+ <listitem>
+ <emphasis
role="bold">userModuleJNDIName</emphasis> - JNDI name of portal
UserModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> option is set
to <emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">roleModuleJNDIName</emphasis> - JNDI name of portal
RoleModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> and
<emphasis>synchronizeRoles</emphasis> options are set to
<emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">membershipModuleJNDIName</emphasis> - JNDI name of portal
MembershipModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> and
<emphasis>synchronizeRoles</emphasis> options are set to
<emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">userProfileModuleJNDIName</emphasis> - JNDI name of portal
UserProfileModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> option is set
to <emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">synchronizeIdentity</emphasis> - if set to
<emphasis>true</emphasis> module will check if
+ successfully authenticated user exist in portal and if not it will try
to create it. If user exists module will update its password
+ to the one that was just validated.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">synchronizeRoles</emphasis>
- if set to <emphasis>true</emphasis> module will iterate over all roles
assigned to
+ authenticated user and for each it will try to check if such role
exists in portal and if not it will try to create it. This option is
+ checked only if <emphasis>synchronizeIdentity</emphasis> is
set to true;
+ </listitem>
+ <listitem>
+ <emphasis role="bold">additionalRole</emphasis> -
module will add this role name to the group of principals assigned to the authenticated
user.
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">defaultAssignedRole</emphasis> - if
<emphasis>synchronizeIdentity</emphasis> is set to true, module will try to
assign
+ portal role with such name to the authenticated user. If such role
doesn't exist in portal, module will try to create it.
+ </listitem>
+ </itemizedlist>
+ </para>
+ </sect2>
</sect1>
</chapter>
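Review bot: The new SynchronizingLoginModule paragraph says login() always returns "true" and only advises the "optional" flag; it should state outright that this module checks no credentials itself, so the authentication result depends entirely on the "required" module placed before it. A short warning to that effect, placed ahead of the option list, would make the ordering and flag requirements hard to miss. The option list gives no default values for synchronizeIdentity and synchronizeRoles. Because synchronizeIdentity is described as updating the portal password "to the one that was just validated", the text should also say that the externally validated password ends up in the portal identity store. Unlike the SynchronizingLdapExtLoginModule section, there is no sample configuration. Typos: "Morover", the double period after the "optional" flag, "For this purposes such options", and the stray semicolon after "set to true".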