Show Table of Contents
6.6. Configuring the Role-Based Credential Map Identity Login Module
Warning
RoleBasedCredentialMap is now deprecated.
Procedure 6.2. Configure Role-Based Credential Map Identity Login Module
Create the Login Module
Configure authentication modules using the Management Console according to the following specification:<subsystem xmlns="urn:jboss:domain:security:1.1"> <security-domains> <security-domain name="my-security-domain" cache-type="default"> <authentication> <login-module code="UsersRoles" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="usersProperties" value="file://${jboss.server.config.dir}/teiid-security-users.properties"/> <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/teiid-security-roles.properties"/> </login-module> <login-module code="org.teiid.jboss.RoleBasedCredentialMapIdentityLoginModule" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="credentialMap" value="file://${jboss.server.config.dir}/teiid-credentialmap.properties"/> </login-module> </authentication> </security-domain> </security-domains> </subsystem>Complete the Configuration
Configure the data source or connection factory in the same way as for theCallerIdentityLoginModule.
Result
In the above example, the primary login module UsersRolesLoginModule is configured to login the primary user and assign some roles. The RoleBasedCredentialMap login module is configured to hold role to password information in the file defined by the credentialMap property. When the user logs in, the role information from the primary login module is taken, and the role's password is extracted and attached as a private credential to the Subject.
Note
To use an encrypted password instead of a plaintext one, include the encrypted password in the file defined by the
credentialMap property.
For more information about encrypting passwords, refer to the JBoss Enterprise Application Platform Security Guide.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.