Chapter 5. Certificate-Based Login Modules


5.1. Certificate Login Module

Short name: Certificate

Full name: org.jboss.security.auth.spi.BaseCertLoginModule

Parent: AbstractServer Login Module

The Certificate login module authenticates users based on X.509 certificates. A typical use case for this login module is CLIENT-CERT authentication in the web tier. This login module only performs authentication and must be combined with another login module capable of acquiring authorization roles to completely define access to secured web or EJB components. Two subclasses of this login module, CertRoles Login Module and DatabaseCert Login Module, extend the behavior to obtain the authorization roles from either a properties file or a database.

Table 5.1. Certificate Login Module Options

| Option | Type | Default | Description |
|---|---|---|---|
| securityDomain | String | other | Name of the security domain that has the JSSE configuration for the truststore holding the trusted certificates. |
| verifier | class | none | The class name of the org.jboss.security.auth.certs.X509CertificateVerifier to use for verification of the login certificate. |

5.2. CertificateRoles Login Module

Short name: CertificateRoles

Full name: org.jboss.security.auth.spi.CertRolesLoginModule

Parent: Certificate Login Module

The CertificateRoles login module adds role mapping capabilities from a properties file using the following options:

Table 5.2. CertificateRoles Login Module Options

| Option | Type | Default | Description |
|---|---|---|---|
| rolesProperties | String | roles.properties | The name of the resource or file containing the roles to assign to each user. The role properties file must be in the format username=role1,role2 where the user name is the DN of the certificate, escaping any equals and space characters. The following example is in the correct format: CN\=unit-tests-client,\ OU\=Red\ Hat\ Inc.,\ O\=Red\ Hat\ Inc.,\ ST\=North\ Carolina,\ C\=US |
| defaultRolesProperties | String | defaultRoles.properties | Name of the resource or file to fall back to if the rolesProperties file cannot be found. |
| roleGroupSeparator | A single character. | . (a single period) | Which character to use as the role group separator in the rolesProperties file. |
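As an added example that is not part of this page or of the JBoss code base, the Python below builds the escaped roles.properties key for a certificate DN and looks up the roles granted to a DN, applying the equals/space escaping and the roleGroupSeparator rule described above. The "dn<separator>GroupName=roles" convention for naming a role group other than the default "Roles" is assumed from the JBoss users/roles properties format; the sample file contents are constructed.

```python
# Added example (not from the Red Hat page or the JBoss code base): escape a
# certificate DN into a roles.properties key and look up that DN's roles.
# Assumed: "dn<sep>GroupName=roles" names a role group, "dn=roles" means "Roles".

def escape_dn_key(dn):
    """Escape '=' and ' ' so the DN can be used as a properties-file key."""
    return dn.replace("=", "\\=").replace(" ", "\\ ")

def _split_entry(line):
    """Split one properties line into (unescaped key, raw value)."""
    key, i = [], 0
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line):   # backslash escape: keep literal
            key.append(line[i + 1])
            i += 2
            continue
        if c in "=: \t":                       # first unescaped terminator
            break
        key.append(c)
        i += 1
    rest = line[i:].lstrip(" \t")
    if rest[:1] in ("=", ":"):
        rest = rest[1:]
    return "".join(key), rest.strip()

def roles_for(dn, properties_text, role_group_separator="."):
    """Return {group: [roles]} assigned to the certificate subject DN."""
    groups = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":        # blank line or comment
            continue
        key, value = _split_entry(line)
        if key == dn:
            group = "Roles"
        elif key.startswith(dn + role_group_separator):
            group = key[len(dn) + len(role_group_separator):]
        else:
            continue
        roles = [r.strip() for r in value.split(",") if r.strip()]
        groups.setdefault(group, []).extend(roles)
    return groups

SAMPLE_DN = "CN=unit-tests-client, OU=Red Hat Inc., O=Red Hat Inc., ST=North Carolina, C=US"
SAMPLE_ROLES_PROPERTIES = r"""# constructed roles.properties; first key is the DN from the table
CN\=unit-tests-client,\ OU\=Red\ Hat\ Inc.,\ O\=Red\ Hat\ Inc.,\ ST\=North\ Carolina,\ C\=US=admin,user
CN\=unit-tests-client,\ OU\=Red\ Hat\ Inc.,\ O\=Red\ Hat\ Inc.,\ ST\=North\ Carolina,\ C\=US.CallerPrincipal=unit-tests-client
CN\=other-client,\ O\=Example,\ C\=US=user"""
```

Note that with the default separator a DN containing a period (such as "Inc.") is still matched here because the lookup compares against the full DN first; a lookup that splits the key at its first period would not.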

5.3. DatabaseCertificate Login Module

Short name: DatabaseCertificate

Full name: org.jboss.security.auth.spi.DatabaseCertLoginModule

Parent: Certificate Login Module

The DatabaseCertificate login module adds mapping capabilities from a database table through these additional options:

Table 5.3. DatabaseCertificate Login Module Options

| Option | Type | Default | Description |
|---|---|---|---|
| dsJndiName | A JNDI resource | java:/DefaultDS | The name of the JNDI resource storing the authentication information. |
| rolesQuery | prepared SQL statement | select Role,RoleGroup from Roles where PrincipalID=? | SQL prepared statement to be executed in order to map roles. It should be equivalent to the query 'select Role, RoleGroup from Roles where PrincipalID=?', where Role is the role name and the RoleGroup column value should always be either Roles with a capital R or CallerPrincipal. |
| suspendResume | true or false | true | Whether any existing JTA transaction should be suspended during database operations. |
| transactionManagerJndiName | JNDI Resource | java:/TransactionManager | The JNDI name of the transaction manager used by the login module. |
