此内容没有您所选择的语言版本。
6.6. Configuring the Role-Based Credential Map Identity Login Module
Warning
RoleBasedCredentialMap is now deprecated.
Procedure 6.2. Configure Role-Based Credential Map Identity Login Module
Create the Login Module
Configure authentication modules using the Management Console according to the following specification:<subsystem xmlns="urn:jboss:domain:security:1.1"> <security-domains> <security-domain name="my-security-domain" cache-type="default"> <authentication> <login-module code="UsersRoles" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="usersProperties" value="file://${jboss.server.config.dir}/teiid-security-users.properties"/> <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/teiid-security-roles.properties"/> </login-module> <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/> </login-module> </authentication> </security-domain> </security-domains> </subsystem>
Complete the Configuration
Configure the data source or connection factory in the same way as for theCallerIdentityLoginModule
.
Result
In the above example, the primary login module UsersRolesLoginModule
is configured to login the primary user and assign some roles. The RoleBasedCredentialMap
login module is configured to hold role to password information in the file defined by the credentialMap
property. When the user logs in, the role information from the primary login module is taken, and the role's password is extracted and attached as a private credential to the Subject.
Note
To use an encrypted password instead of a plaintext one, include the encrypted password in the file defined by the
credentialMap
property.
For more information about encrypting passwords, refer to the JBoss Enterprise Application Platform Security Guide.