geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edward Flick <directr...@yahoo.com>
Subject RE: J2EE security
Date Tue, 12 Aug 2003 17:02:39 GMT
OK, I like the reference authorization system in place
in JAAS.  But the reference JAAS implementation has
shortcomings pertaining to remote Authentication:
1) By nature, it is designed to populate a local
Subject (and Subject(s) are declared final so we can't
just implement a RemoteSubject and use their
framework).
2) JAAS is more or less designed to run in its own
bubble.  The only semi-efficient way to pass in a
method for the LoginModule to actually do something
besides just load a Subject with dummy values for a
remote Authenticator to process is to pass in a
Callback with something like an ObjectOutputStream or
something like that.  Not to say that this would be
the worst way to do it, but if you are going to be
writing LoginModules that try to workaround
limitations inherent in the framework, then maybe you
should be questioning the frameworks feasability for
that particular task
3) The standard LoginModule approach could be used to
populate the Subject with dummy principals and
credentials (which are not allocated Permissions) and
then have the remote authenticators read from the
Subject to find what to authenticate as.  But this has
the problem that when you actually do the login you
don't immediately get Exceptions thrown back at you at
failed login attempts, because the actual loggin in is
deferred until later.

This is why I like SASL so much.  To the end user you
actually use it much the same way as you interact with
LoginContext/LoginModules you just pass-in a few
parameters including a Map of params, protocol name,
and a CallbackHandler to createSASLClient and you have
a ready made authenticator, just waiting to negotiate
remote authenticity and data confidentiality and
integrity wrappers.

I'm very pro-SASL.  I don't know if you can tell. 
Also, after the Authentication phase is complete.  I
think we should pass the Subject (on the remote end)
that is authenticated into a CredentialDelegator which
should load up any extra credentials/principals (based
on the current set of principals assigned to the
Subject) from an LDAP server/AD or from a local XML
file or from whatever depending on how you have it
defined as to where to pull its info from.  This way
you can recursively import added
principals/credentials to the authenticated Subject. 
This is what I'm working on for the AltRMI (a very
good alternative/easier/more logical RMI
implementation) project, also in incubator.  What do
you guys think?

=====
Edward Flick
Enterprise Applications Designer / Database Administrator / Web Administrator
CDF, Inc.

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Mime
View raw message