geronimo-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject login modules
Date Sat, 02 Jul 2005 01:02:07 GMT
At javaone I discussed some issues with Alan about our current login 
system and wrapping principals.  At the time I was sure I understood 
how our current code works but after reviewing it I'm not so sure any 
more :-)

Anyway, IIUC we agreed that:

-the security/permissions mapping system should work with both wrapped 
and unwrapped principals

-if a login module is going to have its principals wrapped, it will be 
supplied a new, empty subject.  The principals the lm adds will be 
copied to the "real" subject and wrapped principals for each of these 
principals will be added.  This avoids the problem that if two lms add 
exactly the same principal it is impossible to tell which one added it 
to the set of principals in the subject.  (at the time I was sure that 
this "new subject" feature wasn't there, but after looking at the code 
I can't tell).

-if a login module is not going to have its principals wrapped, it will 
get the "real" subject.  This is useful for auditing lms, and various 
kinds of principal/credential mapping schemes as may be needed for 
connectors and web service identity propagation.

This is going to require a new flag "wrapPrincipals" which I guess 
should go in the LoginModuleUse together with the 
REQUIRED/OPTIONAL/SUFFICIENT/... flag.

As a side note, I find the login code almost impossible to understand, 
and I hope we can find some way to comment and/or reorganize it so what 
it does is easier to figure out from the code.  As far as I can tell 
what it does is really powerful and useful, and I think if it was more 
accessible it would be used more to good effect.

Many thanks
david jencks
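The commit step described in the mail, written out in plain JAAS as an added example (this is not Geronimo's code and not part of the message): a module flagged to have its principals wrapped fills a fresh Subject, and at commit its principals are copied into the real Subject together with wrapped copies that record the contributing login domain, so two modules adding the same principal remain distinguishable. The classes NamedPrincipal and DomainPrincipal, the commitWrapped helper and the "ldap"/"properties" domain names are assumptions constructed for the demo.

```java
import java.security.Principal;
import java.util.Objects;
import javax.security.auth.Subject;
// Minimal Principal for the demo (constructed); equal by name, so two login
// modules can add "the same" principal.
final class NamedPrincipal implements Principal {
    private final String name;
    NamedPrincipal(String name) { this.name = name; }
    public String getName() { return name; }
    public boolean equals(Object o) {
        return o instanceof NamedPrincipal && name.equals(((NamedPrincipal) o).name);
    }
    public int hashCode() { return name.hashCode(); }
    public String toString() { return name; }
}
// Hypothetical wrapped principal: the original plus the login domain that added
// it, so identical principals from different modules stay distinguishable.
final class DomainPrincipal implements Principal {
    private final String loginDomain;
    private final Principal wrapped;
    DomainPrincipal(String loginDomain, Principal wrapped) { this.loginDomain = loginDomain; this.wrapped = wrapped; }
    public String getName() { return loginDomain + ":" + wrapped.getName(); }
    public boolean equals(Object o) {
        return o instanceof DomainPrincipal
            && loginDomain.equals(((DomainPrincipal) o).loginDomain)
            && wrapped.equals(((DomainPrincipal) o).wrapped);
    }
    public int hashCode() { return Objects.hash(loginDomain, wrapped); }
    public String toString() { return getName(); }
}
public class PrincipalWrappingDemo {
    // A module whose principals are to be wrapped fills a fresh Subject; at commit
    // its principals are copied to the real Subject together with wrapped copies.
    static void commitWrapped(Subject real, Subject scratch, String domain) {
        for (Principal p : scratch.getPrincipals()) {
            real.getPrincipals().add(p);
            real.getPrincipals().add(new DomainPrincipal(domain, p));
        }
    }
    public static void main(String[] args) {
        Subject real = new Subject();
        for (String domain : new String[] {"ldap", "properties"}) {
            Subject scratch = new Subject(); // fresh, empty subject handed to this module
            scratch.getPrincipals().add(new NamedPrincipal("admin"));
            commitWrapped(real, scratch, domain);
        }
        // An unwrapped module (e.g. an auditor) would be handed 'real' and see this set.
        System.out.println(real.getPrincipals());
    }
}
```

Because NamedPrincipal is equal by name, the real Subject ends up with a single plain "admin" but one DomainPrincipal per contributing module, which is exactly the information the single-Subject approach loses.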
