7.6. Configuring the Role-Based Credential Map Identity Login Module

Warning

RoleBasedCredentialMap is now deprecated.

Procedure 7.2. Configure Role-Based Credential Map Identity Login Module

Create the Login Module

Configure authentication modules using the Management Console according to the following specification:

<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="my-security-domain" cache-type="default">
            <authentication>
                <login-module code="UsersRoles" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="usersProperties" value="file://${jboss.server.config.dir}/teiid-security-users.properties"/>
                    <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/teiid-security-roles.properties"/>
                </login-module>
                <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>

<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="my-security-domain" cache-type="default">
            <authentication>
                <login-module code="UsersRoles" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="usersProperties" value="file://${jboss.server.config.dir}/teiid-security-users.properties"/>
                    <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/teiid-security-roles.properties"/>
                </login-module>
                <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>

Copy to Clipboard

Toggle word wrap

Complete the Configuration
Configure the data source or connection factory in the same way as for the CallerIdentityLoginModule.

Result

In the above example, the primary login module UsersRolesLoginModule is configured to login the primary user and assign some roles. The RoleBasedCredentialMap login module is configured to hold role to password information in the file defined by the credentialMap property. When the user logs in, the role information from the primary login module is taken, and the role's password is extracted and attached as a private credential to the Subject.

Note

To use an encrypted password instead of a plaintext one, include the encrypted password in the file defined by the credentialMap property.

For more information about encrypting passwords, refer to the JBoss Enterprise Application Platform Security Guide.

Nach oben

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

7.6. Configuring the Role-Based Credential Map Identity Login Module

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Mehr Inklusion in Open Source

Über Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links