geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Genender <jgenen...@savoirtech.com>
Subject Re: LoginDomains and automapping
Date Tue, 23 Nov 2004 05:26:20 GMT

This is good...this should get the raw Tomcat JAASRealm to work for 
authorization.  I just coded up a special JAASTomcatRealm that called 
the ContextManager.getServerSideSubject and now I can ditch it since it 
looks like the JaasLoginCoordinator is populating the subject.

Aaron..good work...you beat us to the punch.  I sent a patch (w/adc's 
help - thanks) to adc that did as you stated below because I needed it 
for Tomcat.  I was just writing the unit tests for it ;-)  Oh well...it 
was a good opportunity to look at the security code!

Thanks, as this is really going to help get the JAAS working in Tomcat.

Jeff

Alan D. Cabrera wrote:
> I think that we should return the realm principals as well for all the same reasons that
we have realm principals in the first place. 
>  
> Just a heads up on the context manager.  I'm correnty reworking it to clean it up and
include interop.
>  
>  
> Regards,
> Alan
> 
> 	-----Original Message----- 
> 	From: Aaron Mulder [mailto:ammulder@alumni.princeton.edu] 
> 	Sent: Mon 11/22/2004 9:26 PM 
> 	To: dev@geronimo.apache.org 
> 	Cc: 
> 	Subject: Overview of Latest Security Changes
> 	
> 
> 	<snip>list o great work</snip> 
> 
> 
> 
> 	I also changed the login service so it returns principals generated by
> 	server-side login modules to the client and the JaasLoginCoordinator puts
> 	them into the Subject (not RealmPrincipals, though).  This is controlled
> 	by a new GBean attribute on the realm.  Note that the J2EE containers will
> 	still need to call ContextManager.getServerSideSubject in order to get the
> 	RealmPrincipals -- though we may want to handle that "automagically" in
> 	the JaasLoginCoordinator when it is actually run on the server side.
> 	
> 	Finally, I added a simple auditing login module and some tests with two
> 	login modules in place.
> 	
> 	Aaron
> 	
> 

Mime
View raw message