From: Michael Malgeri
To: dev@geronimo.apache.org
Subject: Security Config File questions
Date: Fri, 10 Jun 2005 10:26:05 -0700

Got a couple of security related questions:

1.  In the following snippet from the j2ee-secure-plan.xml file, one of possibly many login modules (which are connected by a reference tag) is associated with the realm and the other block that appears above the realm:

    <gbean name="demo-properties-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="LoginModule">
            <name>demo-properties-login</name>
        </reference>
    </gbean>

Each login module has a Flag, which I see in this case is "REQUIRED".
But shouldn't each login module have the ability to take "options", which I don't see?
Is there an "options" attribute? I know there is an "options" attribute in the "LoginModuleGBean" that this block is associated with, but what do you do in the case when there are multiple login modules, i.e. multiple JaasLoginModuleUse gbeans, and they each can have options?

2.  In a standard JAAS config file, there are "Application blocks" that contain groups of login modules. It looks something like:

    App1 {
        Class Flag Options;
        Class Flag Options;
        etc.
    };

where each "Class", "Flag" and "Options" is for each login module.

"What" tag/artifact/THING in the j2ee-secure-plan.xml file corresponds to "App1" in the preceding block?

Michael Malgeri
Mgr Gluecode Client Technical Services
PHONE: 310-536-8355 x 14
FAX: 310-536-9062
CELLULAR: 310-704-6403
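
The standard JAAS file layout that question 2 describes, as an added example that is not part of the original message and is not Geronimo code: a small Python parser showing that every module line inside an application block carries its own flag and its own options. The module class names, option keys and file paths in the sample are constructed.

```python
import re

# Constructed sample in standard JAAS syntax; class names and option keys are hypothetical.
SAMPLE = '''
App1 {
    com.example.PropertiesLoginModule REQUIRED
        usersURI="file:///var/security/users.properties" debug="false";
    com.example.AuditLoginModule OPTIONAL logFile="audit;1.log";
};
'''

FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}
# A quoted string, one punctuation character, or a bare word.
TOKEN_RE = re.compile(r'"([^"]*)"|([{};=])|([^\s{};="]+)')


def parse_jaas(text):
    """Return {application: [(module class, flag, {option: value}), ...]}."""
    # Tag tokens so a ';' or '=' inside a quoted value is never read as punctuation.
    toks = [("p", m[2]) if m[2] else ("v", m[1] if m[1] is not None else m[3])
            for m in TOKEN_RE.finditer(text)]
    apps, i = {}, 0
    try:
        while i < len(toks):
            app = toks[i][1]
            if toks[i + 1] != ("p", "{"):
                raise ValueError(f"expected '{{' after {app!r}")
            i, entries = i + 2, []
            while toks[i] != ("p", "}"):
                module, flag = toks[i][1], toks[i + 1][1].upper()
                if flag not in FLAGS:
                    raise ValueError(f"{module}: bad control flag {flag!r}")
                i, options = i + 2, {}
                while toks[i] != ("p", ";"):   # options belong to this module only
                    key, eq, value = toks[i:i + 3]
                    if eq != ("p", "="):
                        raise ValueError(f"{module}: expected key=value")
                    options[key[1]] = value[1]
                    i += 3
                entries.append((module, flag, options))
                i += 1                          # skip the ';' ending the module line
            apps[app] = entries
            i += 2                              # skip '}' and the closing ';'
    except IndexError:
        raise ValueError("unexpected end of configuration") from None
    return apps


if __name__ == "__main__":
    print(parse_jaas(SAMPLE))
```

The parser does not handle comments in the configuration file.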