Currently, the JBOSS agent creates two principle objects that gets passed to the web application that is hosted by JBOSS.
The principles are as follows:
The 2 enhancements that are being requested for the JBOSS agent are:
• Ability to support multiple principal roles / groups per user. Currently, it only supports one role/group per user.
• Ability to allow the JBOSS agent to pass in user profile information as part of a principle object. Currently it only supports user ID and a role/group principle object.
Every or most J2EE application supports the ability to maintain multiple roles or group membership per user. The current ability to support one principle role, limits the practical usage of the JBOSS agent within the business policies of the organization. Also, organizations are leveraging user profile information to enhance the authorization model. For example, If an end user is listed as a grade 4, level C person from a security perspective and is on the Engineering team that person would have access to the engineering and deployment plans. A person at the same security clearance, but from a different department will not be entitled to view the plans. In order to code this scenario, one would have to manually gather the information from the repository and also incorporate the information being delivered by the JBOSS agent. The enhancement will, basically deliver the required information once thru one method and allow the application to simply map the access. It'll also reduce the number of repeated established connections to obtain the additional profile information from the repository. One gets to the point, where the question is asked "Why am I using the agent if I have to manually gather additional information out side of the agent"..... The point to the matter, is the current features of the JBOSS agent is limiting and requires a companion solution to address the data requirements required per user.
Summary of Enhancement
• Leverages multiple roles per user.
• Leverage profile information that can configured thru SiteMinder and passed along thru the JBOSS agent.