geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: login-service refactoring: uniform treatment for the default principal
Date Tue, 31 Jan 2006 00:44:03 GMT

On Jan 30, 2006, at 3:42 PM, Dain Sundstrom wrote:

> On Jan 30, 2006, at 11:49 AM, Simon wrote:
>
>> public interface ILoginService {
>
> No "I"s on interface names please

agreed, I forgot to mention this.
>
>
>> I agree with you that the default principal and run-as principals  
>> should be
>> authenticated on application start-up; (That was my thinking as well)
>
> Why would we need to authenticate the default and run-as  
> principals?  Aren't they just object we create?

I was initially surprised at this idea and certainly want more  
comments.  Also, they are Subjects IIUC not Principals.  However,  
after thinking about it a bit more I think this is a good idea  
because it puts all the access decisions in the same system.  So, if  
you are administering the login info and what principals get assigned  
to each user, you also in the same way administer what principals get  
assigned to the default user(s).

I guess it has the odd effect that you can log in as the default  
user, only explicitly :-)

thanks
david jencks

>
>
> -dain


Mime
View raw message