geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dain Sundstrom <d...@iq80.com>
Subject Re: login modules
Date Sat, 02 Jul 2005 17:44:36 GMT
On Jul 1, 2005, at 6:02 PM, David Jencks wrote:

> At javaone I discussed some issues which Alan about our current  
> login system and wrapping principals.  At the time I was sure I  
> understood how our current code works but after reviewing it I'm  
> not so sure any more :-)
>
> Anyway, IIUC we agreed that:
>
> -the security/permissions mapping system should work with both  
> wrapped and unwrapped principals
>
> -if a login module is going to have its principals wrapped, it will  
> be supplied a new, empty subject.  The principals the lm adds will  
> be copied to the "real" subject and wrapped principals for each of  
> these principals will be added.  This avoids the problem that if  
> two lms add exactly the same principal it is impossible to tell  
> which one added it to the set of principals in the subject.  (at  
> the time I was sure that this "new subject" feature wasn't there,  
> but after looking at the code I can't tell).
>
> -if a login module is not going to have its principals wrapped, it  
> will get the "real" subject.  This is useful for auditing lms, and  
> various kinds of principal/credential  mapping schemes as may be  
> needed for connectors and web service identity propagation.
>
> This is going to require a new flag "wrapPrincipals" which I guess  
> should go in the LoginModuleUse together with the REQUIRED/OPTIONAL/ 
> SUFFICIENT/... flag.

+0  I don't really understand the security code, but this sounds  
reasonable

> As a side note, I find the login code almost impossible to  
> understand, and I hope we can find some way to comment and/or  
> reorganize it so what it does is easier to figure out from the  
> code.  As far as I can tell what it does is really powerful and  
> useful, and I think if it was more accessible it would be used more  
> to good effect.

+100000000000000000000000000

One day I would like to understand the security code :)

-dain

Mime
View raw message