SimpleNameMappingLoginModule
Use SimpleNameMappingLoginModule to map a user name that is in the sharedState or CallbackHandler to another user name, which is for example in a different user repository. The login module sends the result in the sharedState map. Depending on the parameters you include in the JAAS configuration file, you can provide different mapping modes with the login module. The properties mapping mode is based on a Java properties file. The regular expression mapping mode is based on the java.util.regex package. To enable a mapping mode you must use the corresponding configuration parameter in the JAAS configuration. You cannot use both mapping modes at the same time.
For more sophisticated mapping method, you can sub-class SimpleNameMappingLoginModule. Using the following sample excerpt, you can rework the method as explained. You can use the context parameter to define the target context for which the mapping is performed. The SagCredentials are sent by the application which calls the login module and therefore, must not be modified. You set the values of the super class variables using the mapName method and mapPassword method, if applicable.
protected mapName(String context, SagCredentials credentials, Map options)
throws SagGeneralSecurityException
The following table outlines the parameters of SimpleNameMappingLoginModule.
Parameter | Description |
user_mapping_ url | Required if you use properties file mapping. URL of the Java properties file that contains the mapping information. |
user_mapping_ regex | Required if you use regular expression mapping. Regular expression to use to collect the user name from the input name. |
user_mapping_ matchgroup | Optional. Regular expression group that is used for the results of the regular expression. Default is 1. |
Examples are shown below.
If you add this login module to the stack:
fcom.softwareag.security.jaas.login.modules.SimpleNameMappingLoginModule required
user_mapping_url=file://path/to/mapping_user.properties
The mapping_user.properties file contains these entries:
testclient=Test Client
testclient.password=secret1
If you login with user name testclient, the login modules after SimpleNameMappingLoginModule will receive user name Test Client and password secret1 as credentials.
If you add this login module to the stack:
com.softwareag.security.jaas.login.modules.SimpleNameMappingLoginModule required
user_mapping_regex="CN=(\\w*),(.*)"
If you login with user name CN=Client1, OU=R&D, O=RSUBJET, C=DE the login modules after SimpleNameMappingLoginModule will receive user name Client1 as credentials.
If you add this login module to the stack:
com.softwareag.security.jaas.login.modules.SimpleNameMappingLoginModule required
user_mapping_regex="CN=(\\w*),(.*)"
user_mapping_matchgroup="3"
If you login with user name CN=Client1, OU=R&D, O=RSUBJET, C=DE the login modules after SimpleNameMappingLoginModules will receive user name null as credentials.