A jBoss login module (like the LdapExtLoginModule in jbosssx.jar shipped with jboss-5.0.1.GA) returns a Group array with one SimpleGroup named “Roles” as its role set. The parent class AbstractServerLoginModule combines this with the Principal object representing the user. So the set of principals consists of two entries acting as the user and his roles. These are added to the principals of the Subject instance, which has been given to the login module when LoginModule#initialize(Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map) is called.
Tag: JAAS
Standalone Tomcat with jBoss plus authentication against LDAP
There is a 2nd edition of this post: Standalone Tomcat with jBoss (2nd Edition)!
This tutorial describes how to install and configure a standalone Tomcat so that a deployed webapp can authenticate against LDAP and connect to a jBoss, passing the credentials in every call of an EJB via remote interface, so that the business application can authenticate against the same LDAP, too. The configuration of the jBoss seems to be a more common and better documented task and will be covered in another tutorial, which I will link here later, as soon as I have written it.
WARNING: Please don’t use this solution in a production system, but for testing purposes only. The custom LdapExtLoginModule presented here exposes the credentials of all online users to all classes using the same class loader! I will add a blog post as soon as I find a solution for production systems.