OK, it's working now.

Below, our security domain is called "Greenfields". Insert your own String 
there.

The key points are that you must have an empty security domain entry in your 
jboss.xml!!!!! You must not specify the correct one, otherwise the login will 
not work!

This means that you must then annotate your EJBs with 

@SecurityDomain("Greenfields")

Then create a .sar file with META-INF/jboss-service.xml like this


  | <?xml version='1.0'?>
  | <!DOCTYPE server PUBLIC
  |       "-//JBoss//DTD MBean Service 4.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
  | <server>
  |    <!-- The custom JAAS login configuration that installs 
  |        a Configuration capable of dynamically updating the
  |        config settings
  |    -->
  |     <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  |             name="jboss.security.tests:service=LoginConfig">
  |             <attribute name="PolicyConfig" serialDataType="jbxb">
  |                     <jaas:policy
  |                             xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
  |                             xmlns:jaas="urn:jboss:security-config:4.1"
  |                             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  | 
  |                             <!-- Our Greenfields login config -->
  |                             <jaas:application-policy name="Greenfields">
  |                                     <jaas:authentication>
  |                                             <jaas:login-module code="com.fcl.security.GreenfieldsLoginModule" flag="required">
  |                                                     <jaas:module-option name="unauthenticatedIdentity">anonymous</jaas:module-option>
  |                                                     <jaas:module-option name="principalClass">com.fcl.security.GreenfieldsUser</jaas:module-option>
  |                                                     <jaas:module-option name="ignorePasswordCase">true</jaas:module-option>
  |                                             </jaas:login-module>
  |                                     </jaas:authentication>
  |                             </jaas:application-policy>
  |                     </jaas:policy>
  |             </attribute>
  |             <depends optional-attribute-name="LoginConfigService">
  |                      jboss.security:service=XMLLoginConfig
  |             </depends>
  |             <depends optional-attribute-name="SecurityManagerService">
  |                      jboss.security:service=JaasSecurityManager
  |             </depends>
  |     </mbean>
  | 
  | </server>

And put your login module into a jar in the SAR. Put the SAR inside the EAR.

In the login module, have


  |     private SimpleGroup callerPrincipal = new SimpleGroup("CallerPrincipal");
  |     private SimpleGroup roles = new SimpleGroup("Roles");
  |     private Group[] roleSets = { callerPrincipal, roles };
  | 

and in your login method, add your roles to the roles group, and your user 
principal to the callerPrincipal group.

This is great (if a bit weird), and web components can correctly ascertain the 
remote user, and the user's roles using request.getUserPrincipal() and 
request.isUserInRole().

Custom roles added to the roles group must extend 
org.jboss.security.SimplePrincipal to be propagated to the EJB container.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3931556#3931556
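
The group handling described in the post, written out as a full JAAS login module. This is an added example, not the poster's GreenfieldsLoginModule: the class name ExampleLoginModule, the helper lookupRoles() and the sample user are hypothetical, and it assumes the JBoss AS 4.x security classes (org.jboss.security.*) are on the classpath.

```java
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

// Added example (hypothetical class); needs the JBoss AS 4.x security jars to compile.
public class ExampleLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private boolean authenticated;
    private final SimpleGroup callerPrincipal = new SimpleGroup("CallerPrincipal");
    private final SimpleGroup roles = new SimpleGroup("Roles");
    private final Group[] roleSets = { callerPrincipal, roles };

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (Exception e) { throw new LoginException("cannot read credentials: " + e); }
        char[] supplied = pass.getPassword();   // copy; the callback's own buffer is wiped next
        pass.clearPassword();
        String[] granted = lookupRoles(name.getName(), supplied);
        if (granted == null) throw new FailedLoginException("bad credentials");
        // Roles are SimplePrincipal instances so they propagate to the EJB container.
        callerPrincipal.addMember(new SimplePrincipal(name.getName()));
        for (String r : granted) roles.addMember(new SimplePrincipal(r));
        return authenticated = true;
    }
    public boolean commit() {
        // Publish the groups only after login() succeeded, never on a failed attempt.
        if (authenticated) for (Group g : roleSets) subject.getPrincipals().add(g);
        return authenticated;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        for (Group g : roleSets) subject.getPrincipals().remove(g);
        authenticated = false;
        return true;
    }
    // Constructed stand-in for a real credential store; returns null when the check fails.
    private String[] lookupRoles(String user, char[] password) {
        boolean ok = "alice".equals(user) && Arrays.equals("sample-pw".toCharArray(), password);
        return ok ? new String[] { "Manager" } : null;
    }
}
```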
