[JBoss-user] [Security JAAS/JBoss] - AbstractServerLoginModule w/ EJB3
I wrote a custom login module that extends AbstractServerLoginModule. I use password-stacking, LDAP does the authentication, and then my custom login module queries the database to get the roles to associated with the user. I placed this login module into a jar, and then deployed it to /default/lib. First, is this the correct location to place a custom login module? Second, I'd like to use EJB3 to do the database query within the custom login module. How do I package my custom login module to accomplish this? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3901294#3901294 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3901294 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - More flexible roles?
Our users are placed into groups similiar to the following: group-subgroup0-editor - joe - bill group-subgroup0-admin - mike group-subgroup1-editor - joe group-subgroup1-admin - paul I can't figure out how would you handle this type of grouping with declarative security. With declarative security, I can restrict a user from calling a method unless they are an admin or editor, but I need something more granular that takes into account the subgroups. I don't know the subgroup until the user makes a web request. Further, new subgroups are created on a regular basis. Can I use wildcards for roles, like group-*-editor? Or do I have to use aspects to provide more programmatic method call security? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3899682#3899682 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899682 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Drop cookie on successful authentication
What is the proper way to send the user a cookie once they successfully authenticate via org.jboss.security.auth.spi.LdapLoginModule? My application gets XML data from external servers that require this cookie. I understand JAAS is separate from the web container, but how do I setup a hook between them? Thanks, Ken View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3899122#3899122 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899122 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user