[jboss-dev-forums] [Design of Security on JBoss] - Role generation and mapping
anil.saldhana@jboss.com
do-not-reply at jboss.com
Fri Jan 18 18:24:12 EST 2008
Role Generation:
Historically, we have had role generation as part of the JAAS authentication process we do. The login modules populate the subject with a group called as "Roles". I want to provide RoleGeneration facilities at the security domain level. We will still maintain legacy role generation expectations as part of the Jaas layer.
Use case: User may perform authentication against the ldap server using a custom login module not inheriting from JBoss AbstractServerLoginModule. Then can use JBoss RoleGeneration modules specified at the security domain to generate the roles from a DB, LDAP server, properties file wherever.
Role Mapping:
Once the roles are generated and placed into the security context, the users can always apply mapping modules to the roles in the context.
Use case: As part of the security domain, for a particular principal, a set of roles are generated. The security domain is not dependent on a particular application or deployment. But an user may wish to apply specific mapping to roles based on the deployment or principal name or resource type etc.
I am looking for feedback mainly on the role generation part.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4121462#4121462
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4121462
More information about the jboss-dev-forums
mailing list