JBAS-3323: Role Mapping Login Module that maps application role to
- You will need to provide a properties file name with the option "rolesProperties"
which has the role to be replaced as the key and a comma-separated role names
- This module should be used with the "optional" mode, as it just adds
onto the authenticated subject
Initialize the login module. This stores the subject, callbackHandler
and sharedState and options for the login session. Subclasses should override
if they need to process their own options. A call to super.initialize(...)
must be made in the case of an override.
Looks for javax.security.auth.login.name and javax.security.auth.login.password
values in the sharedState map if the useFirstPass option was true and returns
true if they exist. If they do not or are null this method returns false.
Note that subclasses that override the login method must set the loginOk
ivar to true if the login succeeds in order for the commit phase to
populate the Subject. This implementation sets loginOk to true if the
login() method returns true, otherwise, it sets loginOk to false.
Overriden by subclasses to return the Groups that correspond to the
to the role sets assigned to the user. Subclasses should create at
least a Group named "Roles" that contains the roles assigned to the user.
A second common group is "CallerPrincipal" that provides the application
identity of the user rather than the security domain identity.