Hi Doug,
Ferguson, Doug wrote:
> I am currently trying to write a loginModule that
> uses DBAuthentication and uses roles.
> I was checking out the AbstractLoginModule class
> and noticed that it just took the Subject reference
> and added roles to it. Is this all that is necessary
> to add roles to a user?
Yes.
> What is going on under the hood here? How does JBoss
> get the subject back later?
JBoss creates its own LoginContext, which runs server LoginModules.
Upon successful authentication JBoss calls LoginContext.getSubject(),
reads the set of public Credentials of the Subject and interprets it
as a set of roles.
> I.E. I thought RMI calls were pass by value.
What do you mean?
All that happens locally on the server, no RMI calls.
Regards,
Oleg
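
Added example (not part of the original message and not JBoss source code): a minimal JAAS LoginModule that attaches roles to the Subject's public credentials in commit(), and a caller that reads them back through LoginContext.getSubject(), all in one JVM as described above. The class names, the in-memory user table standing in for the database, and the use of plain String objects as roles are assumptions.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class RolesViaSubjectDemo {
    // Constructed sample data standing in for the database lookup (assumption).
    // Plaintext passwords only keep the demo short; a real store holds salted hashes.
    static final Map<String, String> PASSWORDS = Map.of("doug", "s3cret");
    static final Map<String, Set<String>> ROLES = Map.of("doug", Set.of("admin", "user"));

    public static class DemoLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h;
        }
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("user: ");
            PasswordCallback p = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { n, p }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            String expected = PASSWORDS.get(n.getName());
            if (expected == null || !Arrays.equals(expected.toCharArray(), p.getPassword()))
                throw new FailedLoginException("bad credentials");
            user = n.getName();
            return true;
        }
        // Roles are attached only in commit(), after the whole login stack has succeeded,
        // so a failed or aborted login never leaves roles on the Subject.
        public boolean commit() {
            if (user == null) return false;
            subject.getPublicCredentials().addAll(ROLES.get(user));
            return true;
        }
        public boolean abort() { user = null; return true; }
        public boolean logout() { subject.getPublicCredentials().clear(); user = null; return true; }
    }

    public static void main(String[] args) throws LoginException {
        Configuration cfg = new Configuration() {   // programmatic stand-in for a login config file
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        CallbackHandler h = cbs -> { for (Callback c : cbs) {
            if (c instanceof NameCallback) ((NameCallback) c).setName("doug");
            else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("s3cret".toCharArray());
        } };
        LoginContext lc = new LoginContext("demo", new Subject(), h, cfg);
        lc.login();   // runs initialize(), login(), commit() locally; no RMI involved
        System.out.println(lc.getSubject().getPublicCredentials(String.class));   // the role set
    }
}
```

Because the roles are read straight from the Subject, any LoginModule in the configured stack can add to them, so the set of modules in the login configuration is part of the trust boundary.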