geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <>
Subject RE: [security] Authentication mechanism
Date Thu, 27 Nov 2003 20:04:00 GMT
1. I think that it should be called before the login configuration is
retrieved, which I think is before the LoginContext is created.
2. Yes, they should go in there.
3. Look at the commit method of the Policy context.

	-----Original Message----- 
	From: Jan Bartel 
	Sent: Wed 11/26/2003 11:52 PM 
	Subject: [security] Authentication mechanism

	I'm just taking a look at integrating the web tier security with
	Geronimo security. I've got a couple of questions:
	1.  When/who should call setMBeanServer on the
	     GeronimoLoginConfiguration? Should I call it
	     just before doing a LoginContext login() call?
	2.  What code is responsible for configuring the SecurityRealm
	     instances? Should they be configurable from the
	     security-service.xml file?
	3.  I still can't work out where the mapping of the user's roles
	     that are retrieved by the SecurityRealm are turned into
	     suitable for a HttpRequest.isUserInRole() call impl?
	Any pointers on any of these would be welcome.

View raw message