[jboss-user] [JBoss Seam] - Advice on Security System
mikepkp17
do-not-reply at jboss.com
Wed Jan 17 13:59:57 EST 2007
I know the security in seam is not yet finished but as far as I can not implement my use case. Let me explain:
On my login form I have 3 inputfields, a username, a password and a domain.
When the user clicks the login button the system needs to get all loginmodules configured for the given domain and authenticate against them according to the configuration.
so what I would need is a configuration like this (login-config from jbossAS:
| <application-policy name="internal"> <!-- name is the given domain -->
| <authentication>
| <login-module code="foo.bar.LDAPLoginModule" flag="optional">
| <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
| <module-option name="java.naming.provider.url">ldap://1.2.3.4:389/</module-option>
| <module-option name="java.naming.security.authentication">simple</module-option>
| <module-option name="principalDNPrefix">uid=</module-option>
| <module-option name="principalDNSuffix">,ou=User,dc=test2,dc=local</module-option>
| <module-option name="roleName">OpenLDAP</module-option>
| </login-module>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="optional">
| <module-option name="dsJndiName">java:/LoginDS</module-option>
| <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
| <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <application-policy name="external">
| <authentication>
| <login-module code="foo.bar.LDAPLoginModule" flag="optional">
| <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
| <module-option name="java.naming.provider.url">ldap://20.30.40.50:389/</module-option>
| <module-option name="java.naming.security.authentication">simple</module-option>
| <!--module-option name="principalDNPrefix">uid=</module-option-->
| <module-option name="principalDNSuffix">@test.local</module-option>
| <module-option name="roleName">Active Directory</module-option>
| </login-module>
| <loginmodule class="foo.bar.SeamCustomLoginModule"
| flag="required">
| <option name="paramTypes">
| java.lang.String,java.lang.String,java.lang.String,java.util.Set
| </option>
| <option name="authMethod">
| #{authenticator.authenticate}
| </option>
| </loginmodule>
| </authentication>
| </application-policy>
|
| Please notice that the attribute name in application-policy should match the domain the user selects on the login form and then authentication should be performed against the loginmodules in this application-policy.
|
| Maybe someone can give me a pointer what to extend or how to support such an authentication use case
|
| regards Mike
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4002979#4002979
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4002979
More information about the jboss-user
mailing list