geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy (JIRA)" <j...@apache.org>
Subject [jira] Closed: (GERONIMO-424) ConfigurationEntry support for multiple LoginModules
Date Thu, 02 Nov 2006 10:49:22 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-424?page=all ]

Vamsavardhana Reddy closed GERONIMO-424.
----------------------------------------


> ConfigurationEntry support for multiple LoginModules
> ----------------------------------------------------
>
>                 Key: GERONIMO-424
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-424
>             Project: Geronimo
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0-M2
>            Reporter: Aaron Mulder
>         Assigned To: Aaron Mulder
>             Fix For: 1.0-M4
>
>
> The abstract class ConfigurationEntry has support for returning multiple LoginModules
(or more accurately, an array of AppConfigurationEntry's).  However, none of the concrete
implementations allow this.
> It's a required feature in order for the CallerIdentityUserPasswordRealmBridge to work,
because that needs the password to be put in the private credential set.  Currently we have
one set of login modules that actually authenticate you, and a different LoginModule that
populates the private credential set.  In order to be both behaviors, you need to load both
LoginModules, but currently the available ConfigurationEntries can't be configured for that.
> A problem is that the ConfigurationEntry gets its data from a SecurityRealm, and the
SecurityRealm can only return a single AppConfigurationEntry (or LoginModule).  It doesn't
make sense to me to make the new "multiple configuration entry" take multiple security realms
as its input.  In concept, you want one security realm with two login modules.
> So I think the change has to start by allowing a SecurityRealm to return multiple AppConfgurationEntry
values.
> Then we need the configuration syntax for the standard security realm GBeans to change
so that they can take multiple login modules, including the options and control flags for
each.  Like, you might want to use a vanilla SQLSecurityRealm, but have it add a GeroinmoPasswordCredentialLoginModule
(or a hypothetical AuditTrailLoginModule) in addition to its standard LoginModule.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message