geronimo-dev mailing list archives

From Aaron Mulder <>
Subject Re: Web App Security Questions
Date Mon, 18 Oct 2004 02:22:17 GMT
	I added two more to the list.  :)


	What is the meaning of the "doas-current-caller" attribute on the 
"security" element?  I thought we always passed on the current caller's 
identity, but the default is false.  Does this mean we'd wrap any 
application code in a Subject.doAs?  What would that be used for?  Would 
that let us use the JVM to enforce that only certain users could do things 
like file access or open network ports?  Does someone have a reasonable 
example of using this in a J2EE app?

	What is the meaning of the "use-context-handler" attribute on the
"security" element?  Is the person in the "deployer" role supposed to know
anything about the installed JACC policy contexts?  I would have thought 
that was an internal server detail, but I really don't even know what the 
terms mean.

	I'm looking at the "default-principal" element in the
geronimo-security schema.  This is used in turn by the various deployment
plans, and I'm not exactly sure when it would kick in.  Looking at a web
app in particular, in which of these cases would the "default-principal"
be used?

1) user not logged in, interacting with unsecured URL

2) user not logged in, interacting with secured URL
    (I assume this only redirects to login page)

3) user logged in, interacting with unsecured URL

4) user logged in, interacting with secured URL
    (I assume the user's actual principal would apply here)

	What is the purpose of the default principal?  Is it to provide
some valid credentials in case an unauthenticated user tried to invoke a
secured resource such as an EJB?  If that's the case, what's the
difference between a default-principal for the web app and a run-as for a

Security Realms
In the web app deployment plan, you can map any role specified in the 
web.xml to one or more principals in one or more realms (using security/

How do you specify which realm should be used to authenticate a user who 
logs in to the web app?  Or is it the case that if you list multiple 
realms across your role definitions, they will all get a chance to 
authenticate the user?  If so, in which order?

Principal Types
What are the valid values for the principal:class attribute?  I assume 
something like "user" or "group", but is there a specific set?  Or is it 
free because it just has to be a value that makes sense to the particular 
realm in question (one might say "group" while another says "role" or 

Designated Run-As
What does it mean for a particular principal to be the run-as principal 
for a role?  Does that mean that if a servlet specifies this role as a 
run-as role, then the server will behave as if the run-as principal is 
logged in while that servlet executes?
