Finally, it worked. A custom Principal can be created in JBoss AS. It is enough to create a class that implements java.security.Principal and adds custom attributes and getters / setters.
Then, when configuring the login module (for example, DatabaseServerLoginModule) in the login-config.xml file, simply add the module option principalClass:
    <application-policy name="my-security-domain">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="principalClass">com.custom.security.MyCustomPrincipal</module-option>
          ...
Now the problem is that, due to an existing bug in JBoss, calling EJBContext.getCallerPrincipal() on the injected EJBContext does not return the custom Principal, but a simple instance of SimplePrincipal! But the good news is that this can be solved with the following JAAS code, which allows you to inspect the authentication information of the EJB container:
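    import java.security.Principal;
    import java.security.acl.Group;
    import java.util.Enumeration;
    import java.util.Iterator;
    import java.util.Set;
    import javax.security.auth.Subject;
    import javax.security.jacc.PolicyContext;
    import javax.security.jacc.PolicyContextException;

    Principal context = null;
    MyCustomPrincipal myCustomPrincipal = null;
    try {
        // Ask the JACC policy context for the Subject the container authenticated
        Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        Set<Group> subjectGroups = subject.getPrincipals(Group.class);
        Iterator<Group> iter = subjectGroups.iterator();
        while (iter.hasNext()) {
            Group group = iter.next();
            String name = group.getName();
            // The "CallerPrincipal" group holds the principal created by the login module
            if (name.equals("CallerPrincipal")) {
                Enumeration<? extends Principal> members = group.members();
                if (members.hasMoreElements()) {
                    context = members.nextElement();
                    myCustomPrincipal = (MyCustomPrincipal) context;
                }
            }
        }
    } catch (PolicyContextException e) {
        // ....
    }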
POJO, EJB, , EJBContext.
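A sketch of what the principal class named in the principalClass option could look like, as an added example that is not part of the original answer. The department attribute and the from() helper are hypothetical; the public single-String constructor is there because the JBoss login modules instantiate the configured class reflectively with the user name.

```java
package com.custom.security;

import java.io.Serializable;
import java.security.Principal;

// Added example: "department" and from() are hypothetical names.
public class MyCustomPrincipal implements Principal, Serializable {
    private static final long serialVersionUID = 1L;

    private final String name;
    private String department; // custom attribute, set after login

    // The login module builds the principal through a public constructor
    // that takes the user name as its only argument.
    public MyCustomPrincipal(String name) {
        if (name == null) {
            throw new IllegalArgumentException("name must not be null");
        }
        this.name = name;
    }

    @Override public String getName() { return name; }

    public String getDepartment() { return department; }
    public void setDepartment(String department) { this.department = department; }

    // Identity rests on the name only, so changing a custom attribute
    // never changes how the principal behaves inside the Subject's sets.
    @Override public boolean equals(Object o) {
        return o instanceof MyCustomPrincipal
                && name.equals(((MyCustomPrincipal) o).name);
    }

    @Override public int hashCode() { return name.hashCode(); }

    @Override public String toString() { return name; }

    // Checked downcast: returns null instead of throwing
    // ClassCastException when a plain SimplePrincipal is passed in.
    public static MyCustomPrincipal from(Principal p) {
        return (p instanceof MyCustomPrincipal) ? (MyCustomPrincipal) p : null;
    }
}
```

Authorization decisions should treat a null result from from() as "no custom attributes available" and deny by default rather than fall back to the bare name.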