geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <...@toolazydogs.com>
Subject RE: [security] Authentication mechanism
Date Thu, 27 Nov 2003 20:04:00 GMT
1. I think that it should be called before the login configuration is
retrieved, which I think is before the LoginContext is created.
 
2. Yes, they should go in there.
 
3. Look at the commit method of the Policy context.
 
 
Regards,
Alan

	-----Original Message----- 
	From: Jan Bartel 
	Sent: Wed 11/26/2003 11:52 PM 
	To: geronimo-dev@incubator.apache.org 
	Cc: 
	Subject: [security] Authentication mechanism
	
	

	I'm just taking a look at integrating the web tier security with
	Geronimo security. I've got a couple of questions:
	
	1.  When/who should call setMBeanServer on the
	     GeronimoLoginConfiguration? Should I call it
	     just before doing a LoginContext login() call?
	
	
	2.  What code is responsible for configuring the SecurityRealm
	     instances? Should they be configurable from the
	     security-service.xml file?
	
	3.  I still can't work out where the mapping of the user's roles
	     that are retrieved by the SecurityRealm are turned into
permissions
	     suitable for a HttpRequest.isUserInRole() call impl?
	
	Any pointers on any of these would be welcome.
	
	thanks
	Jan
	
	

Mime
View raw message