Red Hat Training

A Red Hat training course is available for Red Hat JBoss Data Virtualization

7.6. Configuring the Role-Based Credential Map Identity Login Module

Warning

RoleBasedCredentialMap is now deprecated.

Procedure 7.2. Configure Role-Based Credential Map Identity Login Module

  1. Create the Login Module

    Configure authentication modules using the Management Console according to the following specification: 
    <subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="my-security-domain" cache-type="default">
            <authentication>
                <login-module code="UsersRoles" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="usersProperties" value="file://${jboss.server.config.dir}/teiid-security-users.properties"/>
                    <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/teiid-security-roles.properties"/>
                </login-module>
                <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>

  2. Complete the Configuration

    Configure the data source or connection factory in the same way as for the CallerIdentityLoginModule.
Result

In the above example, the primary login module UsersRolesLoginModule is configured to login the primary user and assign some roles. The RoleBasedCredentialMap login module is configured to hold role to password information in the file defined by the credentialMap property. When the user logs in, the role information from the primary login module is taken, and the role's password is extracted and attached as a private credential to the Subject.

Note

To use an encrypted password instead of a plaintext one, include the encrypted password in the file defined by the credentialMap property.
For more information about encrypting passwords, refer to the JBoss Enterprise Application Platform Security Guide.