geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Simon Godik" <si...@godik.com>
Subject Re: login-service refactoring: uniform treatment for the default principal
Date Tue, 31 Jan 2006 00:10:45 GMT
When default and run-as principals are in-effect they should be treated the
same way as any other principal; (eg granting of privilege to perform
certain tasks); That means we should track these objects in the
login-service and believe that these objects are authentic; We rely on the
login-service to produce principal objects that we believe to be authentic,
not the interceptor code; 

There is a kludge possible such as granting interceptor code-source
privilege to insert subjects into the context, but this is authentication by
assertion is disguise; better to be done explicitly; on top of that any code
that inserts subjects into the context also inserts a bunch of principals
trying to compensate for not doing authentication and should be avoided;

Simon

>Why would we need to authenticate the default and run-as principals?   
>Aren't they just object we create?
>
>
>-dain


Mime
View raw message