geronimo-dev mailing list archives

From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: Including loginDomainName in realm principal might not be useful
Date Tue, 28 Dec 2004 14:48:03 GMT

On Mon, 27 Dec 2004, David Jencks wrote:
> I wrote a test to verify that what I thought was happening is in fact 
> happening.  Only two principals are in the subject after both login 
> modules have committed.  See MultipleLoginDomainTest and uncomment the 
> assertEquals line.

If your test is set up properly and fails, then it's a bug, not a
deficiency in the strategy.  I'll try to take a look at it too.

Aaron

> I think this test shows that, as it stands now, naming login modules 
> provides no use in disambiguating principals.  Either the different 
> login modules use different principal classes, in which case you don't 
> need the login domain name to tell them apart, or they use the same 
> principal classes, in which case you cannot tell which modules they 
> came from on the basis of the RealmPrincipals, so, again, the login 
> domain name didn't help.
> 
> As I mentioned earlier, the only solution I have thought of is to 
> provide each named or specially marked login module with a separate 
> principal and aggregate them ourselves in the JaasSecurityContext.  I 
> don't know what other effects this might have.
> 
> thanks,
> david jencks
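
An added illustration, not code from this thread or from Geronimo, of the same-principal-class case in the quoted message, using only the standard JAAS Subject: principals that compare equal are stored once and carry no record of which module added them, unless the principal object itself holds the login domain name. UserPrincipal, DomainPrincipal, the commit helper and the "ldap"/"database" domain names are hypothetical, and records require Java 16 or later.

```java
import java.security.Principal;
import javax.security.auth.Subject;

public class LoginDomainDemo {
    // Hypothetical principal class used by both login modules.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical wrapper that records which login domain produced a principal.
    record DomainPrincipal(String loginDomain, Principal wrapped) implements Principal {
        public String getName() { return loginDomain + ":" + wrapped.getName(); }
    }

    // Stands in for LoginModule.commit(): a module adds the identity it authenticated.
    static void commit(Subject subject, String loginDomain, String user, boolean tag) {
        Principal p = new UserPrincipal(user);
        subject.getPrincipals().add(tag ? new DomainPrincipal(loginDomain, p) : p);
    }

    // Runs two modules that authenticate the same user name (constructed sample data).
    static Subject loginBoth(boolean tag) {
        Subject subject = new Subject();
        commit(subject, "ldap", "alice", tag);
        commit(subject, "database", "alice", tag);
        return subject;
    }

    public static void main(String[] args) {
        // Untagged: the two UserPrincipal("alice") instances are equal, so the
        // Subject's principal Set keeps a single entry with no origin attached.
        Subject plain = loginBoth(false);
        System.out.println("untagged count: " + plain.getPrincipals().size());

        // Tagged: equality now includes the login domain, so both entries survive
        // and an authorization check can select by domain.
        Subject tagged = loginBoth(true);
        System.out.println("tagged count:   " + tagged.getPrincipals().size());
        for (DomainPrincipal dp : tagged.getPrincipals(DomainPrincipal.class)) {
            System.out.println("  " + dp.loginDomain() + " -> " + dp.wrapped().getName());
        }
    }
}
```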
