geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: Security Config File questions
Date Fri, 10 Jun 2005 17:45:37 GMT

On Jun 10, 2005, at 10:26 AM, Michael Malgeri wrote:

> Got a couple of security related questions:
> 1.  In the following snippet from thej2ee-secure-plan.xml file one of 
> possibly many login modules (which are connected by a reference tag) 
> are associated with the realm and the other block that appear above 
> the realm
> <gbean name="demo-properties-login" 
> class="">
>         <attribute name="controlFlag">REQUIRED</attribute>
>         <reference name="LoginModule">
>             <name>demo-properties-login</name>
>         </reference>
>     </gbean>
> Each login module has a Flag, which I see in this case is "REQUIRED"
> But shouldn't each login module have the ability to take "options", 
> which I don't see
> Is there an "options"attribute? I know there is an "options" attribute 
> in the "LoginModuleGBean" that this block is associate with, but what 
> do you do in the case when there are multiple login modules, i.e. 
> multiple JaasLoginModuleUse gbeans and they each can have options?
> 2.  In a standard JAAS config file, there are "Application blocks" 
> that contain groups of login modules. it looks something like
> App1{
> Class Flag Options;
>  Class Flag Options: etc}.
> where each  "Class" , "Flag" and "Options" is for each login module
> "What" tag/artifact/THING in the j2ee-secure-plan.xml file corresponds 
> to "App1" in the preceeding block ?

lets see if I can answer both questions at once, or if I just confuse 
things further.

Each line Class Flag Options from (2) corresponds to a LoginModuleGbean 
in geronimo, except we take out the flag.

Each App1 corresponds to a GenericSecurityRealm gbean.

We let you reuse a configured login module for several security realms. 
  Each GenericSecurityRealm gets a reference to a linked list of 
LoginModuleUse gbeans, which supplies the order of login modules and 
the Flag for each login module as used in the GenericSecurityRealm.  It 
may not be obvious from the j2ee-secure-plan but LoginModuleUse has a 
reference to a next LoginModuleUse.

The examples in openejb have an alternate xml syntax that is much 
clearer but I'm not sure it is completely approved by everyone.

david jencks

> Michael Malgeri
>  Mgr Gluecode Client Technical Services
>  PHONE: 310-536-8355 x 14
>  FAX: 310-536-9062
>  CELLULAR: 310-704-6403

View raw message