[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-729) support container authorization in JBoss

Guillaume Jeudy (JIRA) jira-events at lists.jboss.org
Thu Mar 20 09:24:50 EDT 2008 

    [ http://jira.jboss.com/jira/browse/JBSEAM-729?page=comments#action_12403808 ] 
            
Guillaume Jeudy commented on JBSEAM-729:
----------------------------------------

actually there is no files, all config snippets are included in the previous comment. There is a missing piece to the puzzle, the datasource has to be configured to use the caller principal to login to the database. This is a solution to bind the application principal to the database principal. 

datasource:

<datasources>
	<local-tx-datasource>
		<jndi-name>ReferenceDataManagerDS</jndi-name>
		<connection-url>jdbc:oracle:thin:@devdb01:1521:REFD10</connection-url>
		<driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
		<user-name>doesntmatterisnotused</user-name>
		<password>doesntmatterisnotused</password>
		<security-domain>OracleDbRealm</security-domain>
		<exception-sorter-class-name>
			org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter
		</exception-sorter-class-name>
		<metadata>
			<type-mapping>Oracle9i</type-mapping>
		</metadata>
	</local-tx-datasource>
</datasources>

Conclusion: authenticate() has to be run twice once on seam Identity and once on WebAuthentication to make this solution work. Ideally Seam would support JBoss container authorization directly.

> support container authorization in JBoss
> ----------------------------------------
>
>                 Key: JBSEAM-729
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-729
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Gavin King
>         Assigned To: Shane Bryzak
>             Fix For: 2.1.0.GA
>
>
> We should use the JBoss-specific Thread->Principal binding to integrate with container authorization. Make it extensible to support other containers in future.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list