Geronimo / GERONIMO-4207

Provide a LoginModule which can be used to add user or group principals via configuration

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.2, 2.2
    • Fix Version/s: 2.1.2, 2.2
    • Component/s: security
    • Security Level: public (Regular issues)
    • Labels: None

      Description

      In some cases, it would be helpful if user or group principals could be added to an authenticated Subject. For instance, you may want any authenticated LDAP user to have the capability to perform some action. However, LDAP may not have a group that can be used for this purpose. A configurable login module could be used to automatically add user/group principals to the Subject.

        Activity

        Kevan Miller added a comment (edited)

        Committed module. Should add some doc to the Wiki.

        In the meantime, adding something like the following to an existing LoginModuleConfiguration is a usage example...

          <log:login-module control-flag="REQUIRED" wrap-principals="false">
              <log:login-domain-name>Constant</log:login-domain-name>
              <log:login-module-class>org.apache.geronimo.security.realm.providers.ConstantLoginModule</log:login-module-class>
              <log:option name="principalName">authenticated</log:option>
              <log:option name="groupNames">group1,group2</log:option>
          </log:login-module>
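
A sketch of how a module of this kind can work under JAAS, added here as an example; it is not part of the original comment and is not Geronimo's ConstantLoginModule source. The class name `ConstantPrincipalsModule` and the `Named` principal type are hypothetical; only the option names `principalName` and `groupNames` come from the configuration above. Because a module like this checks no credentials, it belongs behind a module that does authenticate, never alone in a realm.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

// Hypothetical sketch (Java 16+), not Geronimo's ConstantLoginModule source.
public class ConstantPrincipalsModule implements LoginModule {
    // Assumed minimal principal type; a real server supplies its own classes.
    record Named(String kind, String name) implements Principal {
        public String getName() { return name; }
    }

    private Subject subject;
    private final Set<Principal> configured = new HashSet<>();

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        Object user = options.get("principalName");
        if (user != null) configured.add(new Named("user", user.toString().trim()));
        Object groups = options.get("groupNames");
        if (groups == null) return;
        for (String g : groups.toString().split(",")) {
            if (!g.isBlank()) configured.add(new Named("group", g.trim()));
        }
    }

    // No credentials are checked here, so this must never be the only module in a realm.
    @Override public boolean login() { return true; }
    // JAAS calls commit() only when the overall login succeeded: add the constants then.
    @Override public boolean commit() {
        subject.getPrincipals().addAll(configured);
        return true;
    }
    // On overall failure or logout, remove exactly what this module added.
    @Override public boolean abort() { return logout(); }
    @Override public boolean logout() {
        subject.getPrincipals().removeAll(configured);
        return true;
    }

    public static void main(String[] args) {
        Subject s = new Subject();
        ConstantPrincipalsModule m = new ConstantPrincipalsModule();
        // Constructed options mirroring the <log:option> values above.
        m.initialize(s, null, Map.of(),
                Map.of("principalName", "authenticated", "groupNames", "group1,group2"));
        if (m.login()) m.commit();
        System.out.println(s.getPrincipals()); // one user and two group principals
    }
}
```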
        
        Joe Bohn added a comment -

        Can this now be marked as delivered in 2.1.2? Is the only thing remaining the wiki doc you mentioned?

        Kevan Miller added a comment -

        Mark as fixed, since this is included in 2.1.2.


          People

          • Assignee: Kevan Miller
          • Reporter: Kevan Miller
          • Votes: 0
          • Watchers: 0
