Software AG Infrastructure 10.7 | Setting Up Security | Predefined Login Modules | RoleLoginModule
 
RoleLoginModule
RoleLoginModule provides authorization information using the roles/permissions storage. The module is implemented according to the JAAS standards. The current user that is already successfully authenticated by other login modules from the chain, is searched in the storage by the fully qualified name. Also, if any of the previous login modules in the chain provides group membership of the user, this login module looks in the storage for the groups and concatenates permissions assigned to the group to the user's permissions. The login module updates already existing SagUserPrincipal with the permissions assigned to the current user (direclty assigned or coming from the groups on which is member). Additionally, SagRolePrincipal is created for each role on which the user is member and all of those SagPrincipal objects are attached to the Subject.
Note:
Permissions are added as properties of SagUserPrincipal with key name "permissions."
This module recognizes the configuration options described in the following table.
Parameter
Description
provider_class= my.provider. class
Optional. Full class name of the role provider to use. Default is FileBasedAuthzStoreImpl.
storage_location= "C:/tmp/roles.txt"
Location of the roles storage. For FileBasedAuthzStoreImpl, that is the full path to the roles file.
A sample configuration is shown below.
Default {
// SSOS login module for SAML signed assertion validation
com.softwareag.security.idp.saml.lm.SAMLAssertValidatorLoginModule sufficient;

// Internal repository login module (java based)
com.softwareag.security.jaas.login.internal.InternalLoginModule required
template_section=INTERNAL
logCallback=true
internalRepository="C:/SoftwareAG/conf/users.txt"
create_group_principal=true
groupRepositoryPath="C:/SoftwareAG/conf/groups.txt";

// Role repository login module
com.softwareag.security.authz.store.jaas.login.RoleLoginModule optional
storage_location="C:/SoftwareAG/conf/roles.txt";
};