[jetty-users] JAAS LdapLoginModule - mapping groups to roles

Hi -

I'm investigating the practicality of migrating an old web application from
OC4J to Jetty 9, with some good success so far.

I've got authentication working fine using the LdapLoginModule, but for
authorisation I think I need to perform a translation from LDAP group names
to JAAS role names.
For example, if the user principal is a member of group X then they must be
assigned role principal Y.
(Currently I can see the role principals are named directly from the LDAP
group names)

OC4J has a mechanism to perform some mapping in a container-specific config
file 'orion-application.xml', e.g.
	<security-role-mapping name="Y">
		<group name="X"/>
	</security-role-mapping>

Other containers like Glassfish appear to have similar features.

I can't find an obvious way of achieving this in Jetty with the
LdapLoginModule. Can anyone offer any suggestions?
(I was going to start by sub-classing the LdapLoginModule and hack some
changes to getUserRoles, but thought I'd ask around first!)

I'm currently using Jetty 9.3.8 with OpenJDK 1.8.

Thanks -

Leo
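
The group-to-role translation asked about above, as an added example that is not part of the original message and is not Jetty or OC4J code: a hypothetical GroupRoleMapper reads mappings in the security-role-mapping format quoted in the message and returns only explicitly mapped roles, so an unmapped LDAP group never becomes a role by name. The <mappings> wrapper element, the case-insensitive group matching and the sample data are assumptions; wiring the result into a login module is not shown.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper for illustration; not part of Jetty or OC4J.
public class GroupRoleMapper {
    private final Map<String, Set<String>> rolesByGroup = new HashMap<>();
    public GroupRoleMapper(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The mapping file is security configuration: refuse DOCTYPEs (blocks XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList mappings = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagName("security-role-mapping");
        for (int i = 0; i < mappings.getLength(); i++) {
            Element mapping = (Element) mappings.item(i);
            NodeList groups = mapping.getElementsByTagName("group");
            for (int j = 0; j < groups.getLength(); j++) {
                String group = ((Element) groups.item(j)).getAttribute("name");
                rolesByGroup.computeIfAbsent(key(group), k -> new TreeSet<>())
                        .add(mapping.getAttribute("name"));
            }
        }
    }
    // Assumption: group names are compared case-insensitively, as LDAP cn values are.
    private static String key(String group) {
        return group.trim().toLowerCase(Locale.ROOT);
    }
    // Deny by default: a group with no mapping contributes no role.
    public Set<String> rolesFor(Collection<String> ldapGroups) {
        Set<String> roles = new TreeSet<>();
        for (String g : ldapGroups) {
            roles.addAll(rolesByGroup.getOrDefault(key(g), Collections.emptySet()));
        }
        return roles;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: the X -> Y mapping from the message plus a second role.
        String xml = "<mappings>"
                + "<security-role-mapping name=\"Y\"><group name=\"X\"/></security-role-mapping>"
                + "<security-role-mapping name=\"auditor\"><group name=\"X\"/><group name=\"Ops\"/></security-role-mapping>"
                + "</mappings>";
        GroupRoleMapper mapper = new GroupRoleMapper(xml);
        System.out.println(mapper.rolesFor(Arrays.asList("x", "Domain Users")));
    }
}
```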

