[jboss-user] [Security & JAAS/JBoss] - Re: Adding roles to user on the fly

kuzmiigo do-not-reply at jboss.com
Sat Jul 29 15:22:09 EDT 2006


Some additional information.

jboss-web.xml:
<jboss-web>
    <security-domain>java:/jaas/testdomain</security-domain>
</jboss-web>

From login-config.xml:
<application-policy name="testdomain">
  <authentication>
    <login-module code="com.test.security.SpecialLoginModule1" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
    </login-module>
    <login-module code="com.test.security.SpecialLoginModule2" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
    </login-module>
  </authentication>
</application-policy>


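Flushing code:
import java.security.Principal;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;
import org.jboss.security.SimplePrincipal;

// Flush the cached authentication entry for one principal in the security domain.
String domain = "testdomain";
Principal principal = new SimplePrincipal(user.getUsername());
ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager");
Object[] params = { domain, principal };
String[] signature = { "java.lang.String", Principal.class.getName() };
MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0);
server.invoke(jaasMgr, "flushAuthenticationCache", params, signature);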

Credentials caching is disabled; after flushing (just in case), the Subject is not populated again (the LoginModules are not called again to populate the "Roles" group).

I would be grateful for your comments,

Igor

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961697#3961697
