Details
-
Feature Request
-
Resolution: Done
-
Major
-
None
-
8.7
-
None
Description
For the following LDAP-based login module configuration:
~~~
<!-- First LDAP login module: user entries are searched under baseCtxDN (ou=people) and role entries under rolesCtxDN.
     flag="optional": this module does not have to succeed on its own. Every module in this stack is optional,
     so JAAS only requires that at least one of them succeeds. -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional" >
<!-- <hostname> is the reporter's placeholder. Because the protocol below is "ssl", the directory server's certificate
     should be validated against a trust store that contains only the expected CA. -->
<module-option name="java.naming.provider.url"><hostname></module-option>
<module-option name="java.naming.security.protocol">ssl</module-option>
<module-option name="realm">admin</module-option>
<!-- bindDN/bindCredential (placeholders here) are the service account used for the user and role searches.
     The password sits in clear text in this file: use a read-only, least-privilege account, restrict file
     permissions, and prefer the server's credential-protection mechanism over a literal value. -->
<module-option name="bindDN"><username></module-option>
<module-option name="bindCredential"><password></module-option>
<!-- NOTE(review): the baseFilter value is truncated on this page (no placeholder, no closing tag).
     Presumably (uid={0}), where {0} is the login name; confirm against the original configuration. -->
<module-option name="baseFilter">(uid=
<module-option name="baseCtxDN">ou=people,dc=gene,dc=com</module-option>
<!-- {1} is replaced with the authenticated user's DN; the cn of each matching group entry becomes a role name
     (roleAttributeID=cn, roleAttributeIsDN=false). -->
<module-option name="roleFilter">(uniquemember={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<!-- Nested groups are followed two levels deep, so membership in a child group can grant the parent group's role. -->
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<!-- "follow" makes JNDI chase referrals returned by the directory. NOTE(review): the referred servers are chosen
     by the directory and are presumably contacted with the same bind settings; confirm they are trusted and
     reached over TLS. -->
<module-option name="java.naming.referral">follow</module-option>
<!-- Search timeout in milliseconds; bounds how long a login can block on a slow directory. -->
<module-option name="searchTimeLimit">10000</module-option>
</login-module>
<!-- Second LDAP login module: same directory settings, but entries are searched by cn under
     ou=Apps,ou=ESB,ou=Applications. flag="optional": it does not have to succeed on its own. -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional" >
<!-- <hostname> is the reporter's placeholder; with protocol "ssl" the server certificate should be validated
     against a trust store that contains only the expected CA. -->
<module-option name="java.naming.provider.url"><hostname></module-option>
<module-option name="java.naming.security.protocol">ssl</module-option>
<module-option name="realm">admin</module-option>
<!-- Service-account credentials in clear text (placeholders here): use a read-only, least-privilege account and
     keep the real password out of this file where the server offers a credential-protection mechanism. -->
<module-option name="bindDN"><username></module-option>
<module-option name="bindCredential"><password></module-option>
<!-- NOTE(review): the line break inside this value looks like a page-extraction artifact;
     presumably the filter is (cn={0}) on one line. Confirm against the original configuration. -->
<module-option name="baseFilter">(cn={0}
)</module-option>
<module-option name="baseCtxDN">ou=Apps,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
<!-- NOTE(review): the placeholder is missing from this roleFilter as shown; presumably (uniquemember={1}),
     matching the user's DN. As written, the filter would not be a usable membership test. Confirm. -->
<module-option name="roleFilter">(uniquemember=
)</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<!-- Nested groups are followed two levels deep, so membership in a child group can grant the parent group's role. -->
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<!-- "follow" makes JNDI chase referrals returned by the directory. NOTE(review): confirm the referred servers
     are trusted and reached over TLS, since the bind settings are presumably reused there. -->
<module-option name="java.naming.referral">follow</module-option>
<!-- Search timeout in milliseconds. -->
<module-option name="searchTimeLimit">10000</module-option>
</login-module>
<!-- Map the Active Directory/LDAP Groups/Roles to meaningful JBoss roles -->
<!-- The properties file named below decides which directory groups become which application roles, so it is
     authorization data: keep it writable only by administrators and review changes to it.
     NOTE(review): flag="optional" means the login is not failed by this module; confirm what roles a user ends up
     with if the mapping file is missing or unreadable, and whether the unmapped LDAP group names are also kept
     as roles. -->
<login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
<module-option name="rolesProperties">props/ldap-eds-rolemapping.properties</module-option>
</login-module>
~~~
Is there a way to avoid using the RoleMappingLoginModule (and with it the properties file)?
Could the role mapping instead be declared in a way similar to the role declarations in a "web.xml", as shown below?
~~~
<!-- Only callers that hold the TeiidAdmin role satisfy this constraint. The name is compared with the role names
     the security domain assigns at login, so it must match what the login modules actually produce. -->
<auth-constraint>
<role-name>TeiidAdmin</role-name>
</auth-constraint>
...
<!-- Declares TeiidAdmin as a role used by this web application; every role-name referenced in an
     auth-constraint should have a matching security-role declaration. -->
<security-role>
<role-name>TeiidAdmin</role-name>
</security-role>
~~~