[jboss-user] [Security & JAAS/JBoss] - Re: Custom principal in Web application

bdaniliuc do-not-reply at jboss.com
Fri Jul 28 02:35:39 EDT 2006

   Configuration for custom login module configured in login-config.xml: 

  |         <login-module code="core.rbac.jboss.LDAPCertificateLoginModule" flag="required">
  | 		<module-option name="securityDomain">java:/jaas/CoreApplication</module-option>
  | 		<module-option name="principalClass">core.rbac.BasicPrincipal</module-option>
  | 		<module-option name="verifier">core.rbac.jboss.CertificateVerifier</module-option>
  |         </login-module>
  The custom login module is a subclass of BaseCertLoginModule that obtains user roles from LDAP. In the login module the identity is instance of BasicPrincipal. The user roles are propagated to the web application, for example, calling request.isUserInRole("someRole") correctly returns true or false based on user role assignment. However request.getUserPrincipal() returns an instance of SimplePrincipal and not BasicPrincipal.

Please inform me if you need other code or configuration snapshots.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961485#3961485

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3961485

More information about the jboss-user mailing list