此内容没有您所选择的语言版本。
6.4. Configuring the Caller Identity Login Module
Procedure 6.1. Configure the Caller Identity Login Module
Create the Login Module
Configure authentication modules using the Management Console according to the following specification:<security-domain name="my-security-domain" cache-type="default"> <authentication> <login-module code="org.picketbox.datasource.security.CallerIdentityLoginModule" module="org.picketbox" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="userName" value="guest"/> <module-option name="password" value="guest"/> </login-module> </authentication> </security-domain>
Configure the Data Source
Configure the datasource according to the following specification.<datasource jndi-name="java:/mysql-ds" pool-name="mysql-ds" enabled="true"> <connection-url>jdbc:mysql://localhost:3306/txns</connection-url> <driver>mysql</driver> <pool><allow-multiple-users/></pool> <security> <security-domain>my-security-domain</security-domain> </security> </datasource>
Configure the Connection Factory
Configure the resource adapter according to the following specification:<resource-adapter> <archive>teiid-connector-ldap.rar</archive> <transaction-support>NoTransaction</transaction-support> <connection-definitions> <connection-definition class-name="org.teiid.resource.adapter.ldap.LDAPManagedConnectionFactory" jndi-name="java:/ldapDS" enabled="true" use-java-context="true" pool-name="ldap-ds"> <config-property name="LdapUrl">ldap://ldapServer:389</config-property> <config-property name="LdapAdminUserDN">cn=???,ou=???,dc=???</config-property> <config-property name="LdapAdminUserPassword">pass</config-property> <config-property name="LdapTxnTimeoutInMillis">-1</config-property> <security> <security-domain>my-security-domain</security-domain> </security> </connection-definition> </connection-definitions> </resource-adapter>
Result
When a user logs in with a password, the same password will also be set on the logged in Subject after authentication. These credentials can be extracted by the data source by asking for Subject's private credentials.