geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan Cabrera (JIRA)" <...@geronimo.apache.org>
Subject [jira] Assigned: (GERONIMO-424) ConfigurationEntry support for multiple LoginModules
Date Wed, 03 Nov 2004 01:53:33 GMT
     [ http://nagoya.apache.org/jira/browse/GERONIMO-424?page=history ]

Alan Cabrera reassigned GERONIMO-424:
-------------------------------------

    Assign To: Alan Cabrera

> ConfigurationEntry support for multiple LoginModules
> ----------------------------------------------------
>
>          Key: GERONIMO-424
>          URL: http://nagoya.apache.org/jira/browse/GERONIMO-424
>      Project: Apache Geronimo
>         Type: Improvement
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Assignee: Alan Cabrera

>
> The abstract class ConfigurationEntry has support for returning multiple LoginModules
(or more accurately, an array of AppConfigurationEntry's).  However, none of the concrete
implementations allow this.
> It's a required feature in order for the CallerIdentityUserPasswordRealmBridge to work,
because that needs the password to be put in the private credential set.  Currently we have
one set of login modules that actually authenticate you, and a different LoginModule that
populates the private credential set.  In order to be both behaviors, you need to load both
LoginModules, but currently the available ConfigurationEntries can't be configured for that.
> A problem is that the ConfigurationEntry gets its data from a SecurityRealm, and the
SecurityRealm can only return a single AppConfigurationEntry (or LoginModule).  It doesn't
make sense to me to make the new "multiple configuration entry" take multiple security realms
as its input.  In concept, you want one security realm with two login modules.
> So I think the change has to start by allowing a SecurityRealm to return multiple AppConfgurationEntry
values.
> Then we need the configuration syntax for the standard security realm GBeans to change
so that they can take multiple login modules, including the options and control flags for
each.  Like, you might want to use a vanilla SQLSecurityRealm, but have it add a GeroinmoPasswordCredentialLoginModule
(or a hypothetical AuditTrailLoginModule) in addition to its standard LoginModule.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


Mime
View raw message