Question

I've got a pretty ordinary Java EE application running on JBoss. It uses the JBoss DatabaseLoginModule JAAS authentication. It also has application layer users/roles in Hibernate that are exactly the same.

I've got an idea (which I think is pretty useful for me, anyway) to have a capability bit I can set in the software license object (not using Hibernate) that makes all users the read-only user. This lets me make a read-only version of the product by relicensing it.

What I'd like to do is remap the user associations based on a boolean flag accessible inside the program.

So normally we get (many-many join)

User -*UserRole*-Role -*RoleActions

where

user.roleid =>role.id

When the boolean is set (a capability bit set in the software license)

I'd like JAAS to act like all users were roleid = 1 when the license says so.

Any ideas?


Solution

By subclassing DatabaseServerLoginModule I can perform extra checks (on the software licence).

Trivially I can then

  1. If the licence is expired, give a read-only user (the credentials are fixed)

  2. If the license has the read-only capability bit set, give the read-only user (the credentials are fixed)

Since the login has been intercepted, the Hibernate User lookup will be for the right user.
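
An added example, not part of the original answer: a variant of the subclassing approach that keeps each user's own credentials and instead overrides `getRoleSets()` so that every login receives only a read-only role when the licence demands it. It assumes the JBoss AS / PicketBox security classes are on the classpath; `LicenseView`, `setLicense` and the role name `ReadOnly` are hypothetical names standing in for the application's licence object and role.

```java
import java.security.acl.Group;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class LicenseAwareLoginModule extends DatabaseServerLoginModule {

    /** Hypothetical view of the application's licence object (not a JBoss type). */
    public interface LicenseView {
        boolean isExpired();
        boolean hasReadOnlyBit();
    }

    // Assumed role name; it must match the read-only role in the deployment descriptors.
    private static final String READ_ONLY_ROLE = "ReadOnly";

    // Registered by the application at startup; null means "licence not loaded yet".
    private static volatile LicenseView license;

    public static void setLicense(LicenseView view) {
        license = view;
    }

    /** Password check is unchanged (inherited login()); only the role set is rewritten. */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        if (!mustBeReadOnly()) {
            return super.getRoleSets(); // normal path: roles from rolesQuery
        }
        // Restricted path: ignore the database roles and grant only the read-only role.
        Group roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal(READ_ONLY_ROLE));
        return new Group[] { roles };
    }

    /** Fails closed: a missing or unreadable licence is treated as read-only. */
    private static boolean mustBeReadOnly() {
        LicenseView current = license;
        if (current == null) {
            return true;
        }
        try {
            return current.isExpired() || current.hasReadOnlyBit();
        } catch (RuntimeException e) {
            return true;
        }
    }
}
```

This changes only the container-level roles that JAAS hands out; any authorization decisions made from the Hibernate role mappings need to consult the same licence flag, or they will still see the user's full role set.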

OTHER TIPS

Maybe I'm missing the boat here, but why not do that programmatically?

In the User object, provide a transient getter like getAuthenticatedRoles() that would additionally filter what Hibernate loaded. Additionally, make the original mapped collection getter protected, and use only getAuthenticatedRoles() from other Java code.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow