Role Generation:
Historically, we have had role generation as part of the
JAAS authentication process we do. The login modules
populate the subject with a group called as
"Roles". I want to provide RoleGeneration
facilities at the security domain level. We will still
maintain legacy role generation expectations as part of the
Jaas layer.
Use case: User may perform authentication against the ldap
server using a custom login module not inheriting from JBoss
AbstractServerLoginModule. Then can use JBoss RoleGeneration
modules specified at the security domain to generate the
roles from a DB, LDAP server, properties file wherever.
Role Mapping:
Once the roles are generated and placed into the security
context, the users can always apply mapping modules to the
roles in the context.
Use case: As part of the security domain, for a particular
principal, a set of roles are generated. The security domain
is not dependent on a particular application or deployment.
But an user may wish to apply specific mapping to roles
based on the deployment or principal name or resource type
etc.
I am looking for feedback mainly on the role generation
part.
View the original post : http://www.jboss.com/index.html?
module=bb&op=viewtopic&p=4121462#4121462
Reply to the post : http://www.jboss.com/index.
html?module=bb&op=posting&mode=reply&p=4121462
_______________________________________________
jboss-dev-forums mailing list
jboss-dev-forums lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-dev-foru
ms
|
