org.teiid.jboss
Class RoleBasedCredentialMapIdentityLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.resource.security.AbstractPasswordCredentialLoginModule
          extended by org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class RoleBasedCredentialMapIdentityLoginModule
extends org.jboss.resource.security.AbstractPasswordCredentialLoginModule

A credential mapping login module that maps the role name of the currently logged-in principal to a password, using a simple properties file. It is similar to name=password, except that it uses role=password. If the user has more than one role with a password, the first role with a non-null password is chosen. This login module must be defined with a Managed Connection Factory. Note that you cannot use this as the primary login module; it should be used strictly to obtain a role-based password that can serve as the credential mapping at the data source level. If you are working with an object as a trusted token, do not use encryption; instead provide the base64-encoded string of the object as the password and decode it in your custom connection factory.

<application-policy name = "teiid-security">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                 <module-option name="usersProperties">props/teiid-security-users.properties</module-option>
                 <module-option name="rolesProperties">props/teiid-security-roles.properties</module-option>
                 <module-option name="password-stacking">useFirstPass</module-option>
          </login-module>      
          <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required">
             <module-option name="password-stacking">useFirstPass</module-option>
             <module-option name="credentialMap">config/props/rolepasswords.properties</module-option>
             <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
             <module-option name="encryptedPasswords">true</module-option>

             <!-- the properties below are only required when passwords are encrypted -->
             <module-option name="pbealgo">PBEWithMD5AndDES</module-option>
             <module-option name="pbepass">testPBEIdentityLoginModule</module-option>
             <module-option name="salt">abcdefgh</module-option>
             <module-option name="iterationCount">19</module-option>
          </login-module>
       </authentication>
 </application-policy>
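
The role=password lookup and the PBE options in the configuration above, worked through as an added example (this is not Teiid's own code). The class and method names are hypothetical, the role entries are constructed, and storing the ciphertext as standard Base64 is an assumption because the page does not state the encoding; it needs Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Added illustration, not Teiid source; class and method names are hypothetical.
public class RolePasswordMapExample {
    // Values of the pbealgo, pbepass, salt and iterationCount options shown above.
    static final String ALGO = "PBEWithMD5AndDES";
    static final char[] PBE_PASS = "testPBEIdentityLoginModule".toCharArray();
    static final byte[] SALT = "abcdefgh".getBytes(StandardCharsets.US_ASCII);
    static final int ITERATIONS = 19;

    static Cipher cipher(int mode) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALGO).generateSecret(new PBEKeySpec(PBE_PASS));
        Cipher c = Cipher.getInstance(ALGO);
        c.init(mode, key, new PBEParameterSpec(SALT, ITERATIONS));
        return c;
    }

    // Assumption: ciphertext is stored as standard Base64 (encoding not stated on the page).
    static String encrypt(String clear) throws Exception {
        byte[] ct = cipher(Cipher.ENCRYPT_MODE).doFinal(clear.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct);
    }

    static String decrypt(String stored) throws Exception {
        byte[] pt = cipher(Cipher.DECRYPT_MODE).doFinal(Base64.getDecoder().decode(stored));
        return new String(pt, StandardCharsets.UTF_8);
    }

    // First role, in the order given, with a non-null entry in the role=password map.
    static String firstRolePassword(List<String> roles, Properties map) {
        for (String role : roles) {
            String value = map.getProperty(role);
            if (value != null) return value;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Properties map = new Properties();              // constructed sample entries
        map.setProperty("admin", encrypt("adminDbPass"));
        map.setProperty("analyst", encrypt("analystDbPass"));

        // "guest" has no entry and is skipped; "analyst" comes before "admin" here.
        String stored = firstRolePassword(Arrays.asList("guest", "analyst", "admin"), map);
        System.out.println(stored + " -> " + decrypt(stored));
    }
}
```

Because pbepass, salt and iterationCount sit in the login configuration in clear text, anyone who can read that file and the credential map can recover the role passwords, so both files need restrictive file permissions.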
 

See Also:
SimpleGroup, SimplePrincipal

Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
RoleBasedCredentialMapIdentityLoginModule()
           
 
Method Summary
 boolean commit()
           
protected  java.security.Principal getIdentity()
           
protected  java.security.acl.Group[] getRoleSets()
          This method simply returns an empty array of Groups which means that no role based permissions are assigned.
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, java.util.Map sharedState, java.util.Map options)
           
 boolean login()
           
 
Methods inherited from class org.jboss.resource.security.AbstractPasswordCredentialLoginModule
getMcf, getServer, logout, removeCredentials
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleBasedCredentialMapIdentityLoginModule

public RoleBasedCredentialMapIdentityLoginModule()
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler handler,
                       java.util.Map sharedState,
                       java.util.Map options)
Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Overrides:
initialize in class org.jboss.resource.security.AbstractPasswordCredentialLoginModule

login

public boolean login()
              throws javax.security.auth.login.LoginException
Specified by:
login in interface javax.security.auth.spi.LoginModule
Overrides:
login in class org.jboss.resource.security.AbstractPasswordCredentialLoginModule
Throws:
javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Specified by:
commit in interface javax.security.auth.spi.LoginModule
Overrides:
commit in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws:
javax.security.auth.login.LoginException

getIdentity

protected java.security.Principal getIdentity()
Specified by:
getIdentity in class org.jboss.security.auth.spi.AbstractServerLoginModule

getRoleSets

protected java.security.acl.Group[] getRoleSets()
                                         throws javax.security.auth.login.LoginException
This method simply returns an empty array of Groups which means that no role based permissions are assigned.

Specified by:
getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws:
javax.security.auth.login.LoginException


Copyright © 2011. All Rights Reserved.