Chapter 8. User management

This part of the system design has proven hard to implement. On the one hand we want to support the JAAS support built into JBoss; on the other hand we want to allow administrators to create new users in the SCAM system. Using JAAS means that user management is outside the scope of SCAM. One solution is to implement some sort of interface towards the actual user management system, but this is hard because these systems have such different properties. It would require one implementation for each system.

Currently the login-module that SCAM uses is defined in command-chain.xml, through the parameter 'security-domain' of the command Login. Its value should match the appropriate application-policy entry in $JBOSS_HOME/server/$CONFIG/conf/login-config.xml.

By default the org.jboss.security.auth.spi.UsersRolesLoginModule is used (the 'other'-entry). This simple file-based login-module requires two property files, users.properties and roles.properties (the names are defined in login-config.xml). These files should be created in the same directory as login-config.xml, that is $JBOSS_HOME/server/$CONFIG/conf. users.properties contains the principals and their passwords; roles.properties contains the principals and their roles.

If you want to use another login-module, you have to make the following changes:

  1. Modify login-config.xml to set up the new module

  2. Change 'security-domain' in command-chain.xml to the new module (web-application)

  3. Change 'security-domain' in jboss.xml (scamRepository)
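
A consistency check for the setup described above, as an added example (not part of SCAM or JBoss): it confirms that the 'security-domain' value names an application-policy in login-config.xml and cross-checks users.properties against roles.properties. The sample file contents are constructed, and the function names and the simple principal=value line format are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from a real SCAM installation.
LOGIN_CONFIG = """<policy>
  <application-policy name="other">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">users.properties</module-option>
        <module-option name="rolesProperties">roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""
USERS = "# principal=password\nadmin=s3cret\nalice=\nbob=hunter2\n"
ROLES = "# principal=role1,role2\nadmin=Administrator,User\nalice=User\ncarol=User\n"

def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def policy_module(login_config_xml, security_domain):
    """Return the login-module class of the named application-policy, or None."""
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        if policy.get("name") == security_domain:
            module = policy.find("authentication/login-module")
            return module.get("code") if module is not None else None
    return None

def audit(login_config_xml, security_domain, users_text, roles_text):
    """List mismatches between the security domain and the two property files."""
    code = policy_module(login_config_xml, security_domain)
    if code is None:
        return [f"no application-policy named {security_domain!r} in login-config.xml"]
    if not code.endswith("UsersRolesLoginModule"):
        return [f"{security_domain!r} uses {code}; the property-file checks do not apply"]
    users, roles = parse_properties(users_text), parse_properties(roles_text)
    findings = [f"{u}: empty password" for u in sorted(users) if not users[u]]
    findings += [f"{u}: no roles assigned" for u in sorted(users.keys() - roles.keys())]
    findings += [f"{u}: roles but no users.properties entry" for u in sorted(roles.keys() - users.keys())]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(LOGIN_CONFIG, "other", USERS, ROLES)))
```

Run it against the real files after each of the three changes listed above, passing the same 'security-domain' value that command-chain.xml and jboss.xml carry.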