[jboss-user] [Security & JAAS/JBoss] - Re: Custom principal in Web application
bdaniliuc
do-not-reply at jboss.com
Fri Jul 28 02:35:39 EDT 2006
Configuration for custom login module configured in login-config.xml:
| <login-module code="core.rbac.jboss.LDAPCertificateLoginModule" flag="required">
| <module-option name="securityDomain">java:/jaas/CoreApplication</module-option>
| <module-option name="principalClass">core.rbac.BasicPrincipal</module-option>
| <module-option name="verifier">core.rbac.jboss.CertificateVerifier</module-option>
| </login-module>
|
The custom login module is a subclass of BaseCertLoginModule that obtains user roles from LDAP. In the login module the identity is instance of BasicPrincipal. The user roles are propagated to the web application, for example, calling request.isUserInRole("someRole") correctly returns true or false based on user role assignment. However request.getUserPrincipal() returns an instance of SimplePrincipal and not BasicPrincipal.
Please inform me if you need other code or configuration snapshots.
Thanks,
Bogdan
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961485#3961485
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3961485
More information about the jboss-user
mailing list