users@glassfish.java.net

Re: Custom LoginModule and Roles

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 28 May 2010 13:25:55 +0530

glassfish_at_javadesktop.org wrote:
> Hello,
>
> I have written a custom javax.security.auth.spi.LoginModule implementation for authenticating EJB- and web applications. However, I would like to avoid to manually edit xml-descriptor files like e.g. web.xml or sun-web.xml with respect to security-specific entries like roles or role-mappings. For this, I searched and found an article ( http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule ) where an implementation of java.security.acl.Group (MyGroup) is utilized to set corresponding principals (in this case roles) for a specific subject. However, this is a JBoss-specific solution as the name of this implementation is explicitly set to "Roles". I have tried this under GlassFish v3 and I didn't succeed. The roles I added this way have been ignored. My question is if there is a corresponding solution for GlassFish?
>
You can add groups to the Subject and activate default Principal to
Role Mapping in glassfish. That will map the groups to same named Roles.

regards,
kumar

> Best regards,
>
> Frederik
> [Message sent by forum member 'nlfred']
>
> http://forums.java.net/jive/thread.jspa?messageID=471688
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>