Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 35645 invoked from network); 26 Sep 2005 22:16:15 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 26 Sep 2005 22:16:15 -0000 Received: (qmail 84515 invoked by uid 500); 26 Sep 2005 22:13:05 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 83750 invoked by uid 500); 26 Sep 2005 22:13:01 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 83005 invoked by uid 99); 26 Sep 2005 22:12:56 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=SPF_FAIL X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Sep 2005 15:12:55 -0700 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 2329C17F for ; Tue, 27 Sep 2005 00:12:33 +0200 (CEST) Message-ID: <148830362.1127772753141.JavaMail.jira@ajax.apache.org> Date: Tue, 27 Sep 2005 00:12:33 +0200 (CEST) From: "David Blevins (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Updated: (GERONIMO-883) We need a flag to indicate if login modules should have their principals wrapped or not In-Reply-To: <796640521.1124261996732.JavaMail.jira@ajax.apache.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/GERONIMO-883?page=all ] David Blevins updated GERONIMO-883: ----------------------------------- Fix Version: 1.0 (was: 1.0-M5) > We need a flag to indicate if login modules should have their principals wrapped or not > --------------------------------------------------------------------------------------- > > Key: GERONIMO-883 > URL: http://issues.apache.org/jira/browse/GERONIMO-883 > Project: Geronimo > Type: Bug > Components: security > Versions: 1.0-M5 > Reporter: David Jencks > Assignee: Alan Cabrera > Fix For: 1.0 > > Currently we are wrapping all principals returned from a "user" login module, and no one really knows whether each login module gets its own Subject or the Subject is shared. We need to provide a flag in LoginModuleUse that selects either: > -- principals are wrapped and login module gets a new Subject > -- principals are not wrapped and login module gets a shared Subject. > The first is likely to be used for normal login modules that actually verify something based on user input, the second for things like auditing or mapping credentials for connectors where access to principals generated by other login modules is required. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira