-
Type:
Feature Request
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: EAP_EWP 5.1.0
-
Fix Version/s: EAP_EWP 5.2.0
-
Component/s: Documentation, Security
-
Labels:
-
Affects:Documentation (Ref Guide, User Guide, etc.)
-
Release Notes Text:A new section describing RoleMappingLoginModule and its configuration options has been added to the JBoss Security Guide.
-
Release Notes Docs Status:Documented as Feature Request
-
Docs QE Status:ASSIGNED
Customers sometime need a feature to map an application role (for example, role from ldap) to a declarative role in web.xml etc.
Description:
Assume a web.xml defines a security role called as "admin". Now the user uses ldap login module and authenticates the user called as "X". But ldap has been configured to assign an role of "ldaprole" to "X". It should be possible for the user to specify a mapping from "ldaprole" to "admin" such that the authentication passes and access is granted.
A simple RoleMappingLoginModule would suffice that can be configured to replace specific roles in the authenticated subject with roles in the login module options etc.
This is discussed in https://jira.jboss.org/browse/JBAS-3323, and should be considered as an addition to the Login Module section of the Security Guide.
Anil, is this something we could port over for JBEAP customer use? If yes, please assign to me for triage in 5.1.1
- is duplicated by
-
JBPAPP-7147 JBoss security guide needs to include information on RolesMappingLoginModule
-
- Closed
-
