I'm assuming the properties based Principle would allow you to call sessionContext.getCallerPrincipal() and then retreive certain properties like companyId, branchId etc .... If you wanted to get this stuff out of the Database would you just not have to extend DatabaseServerLoginModule and instead of creating a SimplePrincipal have a PropertiesPrincipal with an addional method getProperty? There would be no need for an addional Callback because you are still only getting login and password. OverSimplification?
Steve Salkin wrote: > Hi- > > After posting here to see if there was interest in a generic version of > LoginModule similar to the UsernamePasswordLoginModule, but which supported a > third passed-in attribute "Organization" for ASP models, I had an interesting > dialog with JAAS expert Scott Stark. Since our conversation seems to have > petered out, I'd like to make some elements part of the public record so they > don't get forgotten, and will be accessable to people coming along later who > are a situation similar to mine. Scott, I hope you don't mind my quoting some > of your technical remarks rather than rephrasing them just to avoid this. > > After a brief confusion at the outset, Scott realized that I was trying to ask > the user for two separate pieces of information to uniquely identify them. I > explained that I was planning to add another CallbackHandler and another > Principal implementation to facilitate this. He said: > > "Ok, I see the issue. However, when a login module is executed on the > server in response to either an attempt to access an ejb or a servlet, there > is no callback handler to which the request can be delegated. An > extension to the current security manager would have to be made to > allow one to configure a callback handler for a security domain. > > Also, the next logical step would be to have a properties based principal > and callback object that allowed one to associate any number of > attributes with a principal. The ASP use case is one that just uses a > single "organization" property. Adding this as well as externalizing the > callback handler for a security domain makes sense to me." > > As I said to him, this is more work than I probably have time to do right now, > given the other deadlines I am facing, and it seems unlikely to me that this > would be a good first project for a new jboss developer even if I did. > > Perhaps I will be able to contribute to the project in some way at a later > time. In any event, since I am writing here I'd like to thank each of you for > the amazing work that has gone into jboss, which I have followed for some > time. May it bring you all fame and fortune. > > S- > > > _______________________________________________ > Jboss-development mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-development > > _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
