geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dain Sundstrom <>
Subject Re: Security Refactoring
Date Wed, 03 Nov 2004 00:16:20 GMT
Did you finish the command line deployer already?


Dain Sundstrom
Chief Architect
Gluecode Software
310.536.8355, ext. 26

On Nov 2, 2004, at 3:58 PM, Aaron Mulder wrote:

> 	I think I'd like to propose some refactoring of the current
> security realm, configuration entry, and login module structure.  This 
> is
> related to issues 424, 410, 409, 422, and 419.
> 	I'd like to generalize the security realm implementation, and make
> it take a more arbitrary/configurable list of login modules.  That 
> would
> let you implement features like auditing and lockout as login modules, 
> and
> hopefully entirely encapsulate Kerberos, SQL, and File access as login
> modules.  Then you pick login modules from here and there and pop them
> into a general security realm, and off you go.  It makes it all much 
> more
> modular, and lets us reuse the same features across realm types without
> needing to separately update multiple security realm implementations to
> handle them.
> 	While I'm in there, I'd like to make the ConfigurationEntry
> process more automatic (since every realm needs one), and remove some 
> of
> the redundant configuration options for login modules.
> 	I'm not sure how best to proceed.  I assume that Alan (and perhaps
> others) are going to want to look this over before it goes in.  The
> easiest way would be to put a code proposal together -- I'm not sure 
> if a
> branch or a giant patch would be easier -- it seems like they both have
> disadvantages.  I could also try to write it up in sufficient detail 
> for
> someone else to code, but that feels like it would just introduce
> additional delay.  Any thoughts on this?
> Thanks,
> 	Aaron

View raw message