geronimo-dev mailing list archives

From David Jencks <>
Subject Re: Default Security Principal & Role Mapping
Date Mon, 06 Feb 2006 20:31:14 GMT

On Feb 6, 2006, at 12:12 PM, Simon Godik wrote:

> My impression is that CORBA security implementation (csi-v2) is not
> integrated well with the Geronimo login service (please correct me if I'm
> wrong). I plan to integrate csi-v2 security with the Geronimo login service
> by having csi-v2 interceptor authenticate with the login service and thus
> have consistent role mappings; Trust rules will also be moved out into
> trust-manager gbean configured into the security realm

I don't remember the exact terms used in the CORBA spec, but IIRC
there is forward and backward (reverse?) authentication propagation.
IIUC we are required only to implement forward, in which we trust the
server sending the identity token, whereas backward, where we log in
the propagated identity ourselves, is optional. Can you elaborate
how we will support both forward and backward styles using the login
service for both? When I worked on this it seemed really odd that we
only got one principal through csiv2, but I didn't see how to add more.

many thanks
david jencks

> Simon
