ch09s17.html

详细介绍了jboss3.0的配置等

property is either set to the String password or Object credential depending
on the useObjectCredential option.

A sample login config is given in <a href="ch09s17.html#sx.LdapLoginModule.config" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s17.html#sx.LdapLoginModule.config" title="Example 9.5. Sample LdapLoginModule Configuration Entry">Example 9.5</a>
					</p><div class="example"><p><a name="sx.LdapLoginModule.config"></a><b>Example 9.5. Sample LdapLoginModule Configuration Entry</b></p><pre class="programlisting"> testLdap {
    org.jboss.security.plugins.samples.LdapLoginModule required
        java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
        principalDNPrefix=uid=
        uidAttributeID=userid
        roleAttributeID=rolenames
        principalDNSuffix=,ou=People,o=displayscape.com
        rolesCtxDN=ou=Users,cn=Project1,ou=Projects,o=displayscape.com
        java.naming.provider.url=ldap://siren-int/
        java.naming.security.authentication=simple
 };</pre></div></div><div class="section"><a name="d0e6585"></a><div class="titlepage"><div><h5 class="title"><a name="d0e6585"></a>org.jboss.security.plugins.samples.DatabaseServerLoginModule</h5></div></div><p>DatabaseServerLoginModule is a JDBC based login module that supports authentication and role mapping. It is based on two logical tables, Principals and Roles.
A simple view of the schema is given in <a href="ch09s17.html#sx.table.model" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s17.html#sx.table.model" title="Figure 9.8. The DatabaseServerLoginModule Logical Tables">Figure 9.8</a>
						<div class="figure"><p><a name="sx.table.model"></a><b>Figure 9.8. The DatabaseServerLoginModule Logical Tables</b></p><div class="mediaobject"><img src="LMDatabaseModel.jpg" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/LMDatabaseModel.jpg"></div></div>The Principals table associates the user principalID with the valid password and the Roles table associates the principalIDd with its role sets. The tables are logical in that you can specify the sql query that the login module uses so as long as the result set has the same structure the tables and columns can be called anything.

The module options are:</p><div class="variablelist"><dl><dt><a name="d0e6600"></a><span class="term">dsJndiName</span></dt><dd><p><a name="d0e6603"></a>The name of the DataSource of the database containing the Principals and Roles tables</p></dd><dt><a name="d0e6606"></a><span class="term">principalsQuery</span></dt><dd><p><a name="d0e6609"></a>The prepared statement query equivalent to, 
 &#8220;select Password from Principals where PrincipalID=?&#8221;
								</p></dd><dt><a name="d0e6615"></a><span class="term">rolesQuery</span></dt><dd><p><a name="d0e6618"></a>The prepared statement query equivalent to,&#8220;select Role, RoleGroup from Roles where PrincipalID=?&#8221;
								</p></dd></dl></div></div><div class="section"><a name="d0e6624"></a><div class="titlepage"><div><h5 class="title"><a name="d0e6624"></a>org.jboss.security.srp.jaas.SRPCacheLoginModule</h5></div></div><p>SRPCacheLoginModule is server side login module that validates a username and session client challenge response against the cache of authentication info maintained by the SRPService mbean. This module needs a CallbackHandler that supplies the user principal and credential via the SecurityAssociationCallback object.

The module options are:</p><div class="variablelist"><dl><dt><a name="d0e6630"></a><span class="term">cacheJndiName</span></dt><dd><p><a name="d0e6633"></a>: The name of the DataSource of the database containing the Principals and Roles tables</p></dd><dt><a name="d0e6636"></a><span class="term">domainName</span></dt><dd><p><a name="d0e6639"></a>the security domain name</p></dd></dl></div></div></div><div class="section"><a name="ClientSideLoginModules"></a><div class="titlepage"><div><h4 class="title"><a name="ClientSideLoginModules"></a>Client Side LoginModules</h4></div></div><p>The login modules docuemented in this section are used by clients to bind the identity and credentials that will passed to the JBoss server with each EJB method invocation.</p><div class="section"><a name="sx.login.ClientLoginModule"></a><div class="titlepage"><div><h5 class="title"><a name="sx.login.ClientLoginModule"></a>org.jboss.security.ClientLoginModule</h5></div></div><p>The ClientLoginModule is a simple client side login module that
				passes the username and credentials obtained during login to the
				org.jboss.security.SecurityAssociation class so that each EJB method invocation
				is associated with the given username and credentials. Validation of the
				username and credentials occurs on the JBoss server according to the security
				domain settings of the EJB the client is invoking. The ClientLoginModule is
				often chained with other login modules that perform validation of the client
				and then pass the authenticated information onto the ClientLoginModule so that
				the information is attached to the EJB method invocations.</p></div><div class="section"><a name="sx.login.SRPLoginModule"></a><div class="titlepage"><div><h5 class="title"><a name="sx.login.SRPLoginModule"></a>org.jboss.security.srp.jaas.SRPLoginModule</h5></div></div><p>The SRPLoginModule is a client side login module that
				implements the client side of the SRP security password protocol described in
				RFC2945.</p></div></div></div></div><table border="0" cellpadding="0" cellspacing="0" height="65"><tr height="65"><td rowspan="2"><img src="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="432" height="79"></td><td rowspan="2" background="gbar.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/gbar.gif" width="100%" align="right" valign="top"><a href="index.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/index.html"><img src="doc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/doc.gif" border="0"></a><a href="ch09.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09.html"><img src="toc.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/toc.gif" border="0"></a><a href="ch09s15.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s15.html"><img src="prev.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/prev.gif" border="0"></a><a href="ch09s30.html" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/ch09s30.html"><img src="next.gif" tppabs="http://www.huihoo.org/jboss/online_manual/3.0/next.gif" border="0"></a></td></tr><tr></tr></table></body></html>