JBoss.org Community Documentation
The UsersRolesLoginModule
is a simple login module that supports multiple users and user roles loaded from Java properties files. The username-to-password mapping file is called users.properties
and the username-to-roles mapping file is called roles.properties
. The properties files are loaded during initialization using the initialize method thread context class loader. This means that these files can be placed into the J2EE deployment JAR, the JBoss configuration directory, or any directory on the JBoss server or system classpath. The primary purpose of this login module is to easily test the security settings of multiple users and roles using properties files deployed with the application.
The users.properties
file uses a username=password
format with each user entry on a separate line as show here:
username1=password1 username2=password2 ...
The roles.properties
file uses as username=role1,role2,...
format with an optional group name value. For example:
username1=role1,role2,... username1.RoleGroup1=role3,role4,... username2=role1,role3,...
The username.XXX
form of property name is used to assign the username roles to a particular named group of roles where the XXX
portion of the property name is the group name. The username=...
form is an abbreviation for username.Roles=...
, where the Roles
group name is the standard name the JaasSecurityManager
expects to contain the roles which define the users permissions.
The following would be equivalent definitions for the jduke
username:
jduke=TheDuke,AnimatedCharacter jduke.Roles=TheDuke,AnimatedCharacter
The supported login module configuration options include the following:
usersProperties
: The name of the properties resource containing the username to password mappings. This defaults to users.properties
.
rolesProperties
: The name of the properties resource containing the username to roles mappings. This defaults to roles.properties
.
This login module supports password stacking, password hashing and unauthenticated identity.