geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Mulder (JIRA)" <>
Subject [jira] Resolved: (GERONIMO-424) ConfigurationEntry support for multiple LoginModules
Date Sat, 20 Nov 2004 07:48:25 GMT
     [ ]
Aaron Mulder resolved GERONIMO-424:

     Resolution: Fixed
    Fix Version: 1.0-M4

Now each login module gets a GBean, and the security realm can take a list of login modules/flags
(using properties-style syntax)

> ConfigurationEntry support for multiple LoginModules
> ----------------------------------------------------
>          Key: GERONIMO-424
>          URL:
>      Project: Apache Geronimo
>         Type: Improvement
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Assignee: Aaron Mulder
>      Fix For: 1.0-M4

> The abstract class ConfigurationEntry has support for returning multiple LoginModules
(or more accurately, an array of AppConfigurationEntry's).  However, none of the concrete
implementations allow this.
> It's a required feature in order for the CallerIdentityUserPasswordRealmBridge to work,
because that needs the password to be put in the private credential set.  Currently we have
one set of login modules that actually authenticate you, and a different LoginModule that
populates the private credential set.  In order to be both behaviors, you need to load both
LoginModules, but currently the available ConfigurationEntries can't be configured for that.
> A problem is that the ConfigurationEntry gets its data from a SecurityRealm, and the
SecurityRealm can only return a single AppConfigurationEntry (or LoginModule).  It doesn't
make sense to me to make the new "multiple configuration entry" take multiple security realms
as its input.  In concept, you want one security realm with two login modules.
> So I think the change has to start by allowing a SecurityRealm to return multiple AppConfgurationEntry
> Then we need the configuration syntax for the standard security realm GBeans to change
so that they can take multiple login modules, including the options and control flags for
each.  Like, you might want to use a vanilla SQLSecurityRealm, but have it add a GeroinmoPasswordCredentialLoginModule
(or a hypothetical AuditTrailLoginModule) in addition to its standard LoginModule.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
If you want more information on JIRA, or have a bug to report see:

View raw message