[jboss-user] [Security & JAAS/JBoss] - Re: Jboss SSO Web Application

sohil.shah@jboss.com do-not-reply at jboss.com
Sat Nov 4 10:09:57 EST 2006


Hi Sohil

Maybe I am wrong, but I have a few suggestions.

As a user, I write my own LoginModule compliant with JAAS (a class extending AbstractServerLoginModule).

We are all familiar with JAAS and we know what method bodies we should write for authentication. Even if we use LoginProvider inside the JAAS module, the login() method makes sense, and from the JAAS class login method we can call the LoginProvider login method. But again, in my application I need more params for the user to log in. However, the login method in LoginProvider takes only username and password arguments. I can always concatenate the other params and send them as the username, but still, as a user I won't feel comfortable about it.

Similarly, readAllRoles makes sense and can be linked with readRoleSets of JBoss.


But about the other methods of LoginModule, like exists and read: where should we hook in these methods with our custom JAAS code?

There should be more explanation about this.

The other thing is Identity: it is defined as a class with fixed getters and setters, and there is a possibility that a user needs more or fewer getters and setters. In normal JAAS, for example, we just return a Principal object.

Maybe my understanding here is wrong, but this is what came to my mind and I thought that I should share it with you. Please do not think that I am complaining. All you JBoss guys are great, and as a user of your products I am always thankful for all the efforts and contributions of the JBoss teams for the industry.

Thanks again for your help

Regards
Nipun


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983222#3983222
