[jboss-user] [JBoss Seam] - Advice on Security System

mikepkp17 do-not-reply at jboss.com
Wed Jan 17 13:59:57 EST 2007


I know the security in Seam is not yet finished, but as far as I can tell I cannot implement my use case. Let me explain:

On my login form I have 3 input fields: a username, a password and a domain.

When the user clicks the login button, the system needs to get all login modules configured for the given domain and authenticate against them according to the configuration.

So what I would need is a configuration like this (login-config from JBoss AS):

  | <application-policy name="internal"> <!-- name is the given domain -->
  |     <authentication>
  |         <login-module code="foo.bar.LDAPLoginModule" flag="optional">
  |             <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |             <module-option name="java.naming.provider.url">ldap://1.2.3.4:389/</module-option>
  |             <module-option name="java.naming.security.authentication">simple</module-option>
  |             <module-option name="principalDNPrefix">uid=</module-option>
  |             <module-option name="principalDNSuffix">,ou=User,dc=test2,dc=local</module-option>
  |             <module-option name="roleName">OpenLDAP</module-option>
  |         </login-module>
  |         <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="optional">
  |             <module-option name="dsJndiName">java:/LoginDS</module-option>
  |             <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
  |             <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
  |         </login-module>
  |     </authentication>
  | </application-policy>
  |
  | <application-policy name="external">
  |     <authentication>
  |         <login-module code="foo.bar.LDAPLoginModule" flag="optional">
  |             <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |             <module-option name="java.naming.provider.url">ldap://20.30.40.50:389/</module-option>
  |             <module-option name="java.naming.security.authentication">simple</module-option>
  |             <!--module-option name="principalDNPrefix">uid=</module-option-->
  |             <module-option name="principalDNSuffix">@test.local</module-option>
  |             <module-option name="roleName">Active Directory</module-option>
  |         </login-module>
  |         <loginmodule class="foo.bar.SeamCustomLoginModule"
  |             flag="required">
  |             <option name="paramTypes">
  |                 java.lang.String,java.lang.String,java.lang.String,java.util.Set
  |             </option>
  |             <option name="authMethod">
  |                 #{authenticator.authenticate}
  |             </option>
  |         </loginmodule>
  |     </authentication>
  | </application-policy>

Please note that the name attribute in application-policy should match the domain the user selects on the login form, and authentication should then be performed against the login modules in this application-policy.

Maybe someone can give me a pointer on what to extend or how to support such an authentication use case.

Regards, Mike

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4002979#4002979
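
One way to select the policy by domain with the standard JAAS API, as an added example that is not part of the original post or of Seam. `DomainLogin` and its allowlist are hypothetical, and it assumes the JAAS Configuration in effect exposes the application-policy names as entry names. The allowlist check matters because `LoginContext` falls back to the entry named `other` when the requested name has no entry.

```java
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical helper: picks the JAAS entry from the login form's domain field. */
public class DomainLogin {
    // Assumption: the only policy names a user may select, as named in the post.
    private static final Set<String> ALLOWED_DOMAINS = Set.of("internal", "external");

    public static Subject login(String domain, final String username, final char[] password)
            throws LoginException {
        // Reject unknown names before touching JAAS: LoginContext silently uses
        // the "other" entry when the Configuration has no entry for the name.
        if (domain == null || !ALLOWED_DOMAINS.contains(domain)) {
            throw new LoginException("Unknown login domain");
        }
        CallbackHandler handler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(username);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        // The entry name is the application-policy name chosen on the form.
        LoginContext ctx = new LoginContext(domain, handler);
        ctx.login(); // runs that policy's login modules according to their flags
        return ctx.getSubject();
    }

    public static void main(String[] args) {
        try {
            login("other", "mike", "secret".toCharArray()); // constructed input
        } catch (LoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```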



