avalon-phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen McConnell <mcconn...@osm.net>
Subject Re: Mulitple components of same ROLE
Date Thu, 06 Jun 2002 10:26:42 GMT

Richard Wallace wrote:

>Hey guys,
>I've been working with Larry on a AAA
>(Authentication/Authorization/Auditing) framework for cornerstone.  One
>of the things that we're discussing is if we should have support for
>multiple Realms similar to the way PAM and JAAS have multiple
>LoginModules.  I'm thinking that it would be similar in function to the
>way JAAS does it, but alleviates the need for relying on the JAAS API
>and creating a JAASRealm that would have to be used to get this feature.
>I have two questions about this, I guess:
>1)  Does this sound like a feature people would be interested in?  If
>there isn't a lot of need for it we'll put it on the back burner and
>maybe write an implementation later that will support it.

Yes, I'm iunterested in seeing multiple realms.

>2)  We're deciding that (at least within phoenix) Realms will be
>configured and provided to the Authenticator as blocks.  

(and I'm assuming when you say block, you actually mean a
component + meta-info .. which is equivalent to the notion of a block)

>So, if we
>decide to support multiple realms how do we provide multiple components
>that implement the same role (in this case Realm) to a Serviceable
>component?  Or would that not be the right interface to implement? 

Yes and no.
Some possible approaches:

1. Create an Authenticator component that has a dependecy of a RealmSet
   component.  The RealSet establishes the realms using whatever
   implementation magic it likes (via configuration info, via dynamic
   lookup of available realms in a directory or file-system, etc).
   The kernel will supply the RealmSet to the Authenticator based on the
   dependecies you declare.

2. If is a pure Phoenix environment, then you could use a block listener
   aggregate the set of realms and wire these to the Authenticator.

My preference would be for option 1.

>What, other than Serviceable, should it become to accomplish this?

Serviceable is what you should be using if you declare dependecies - the 
quetion is - are yuou declaring a dependecy on a single realm, or a 
component that enables you to select one or more realms.

Cheers, Steve.


Stephen J. McConnell

digital products for a global economy

To unsubscribe, e-mail:   <mailto:avalon-phoenix-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:avalon-phoenix-dev-help@jakarta.apache.org>

View raw message