geronimo-dev mailing list archives

From "David Jencks (JIRA)" <>
Subject [jira] Created: (GERONIMO-3303) Simplify security authentication framework by removing "mixed" local/remote logins.
Date Tue, 10 Jul 2007 05:53:04 GMT
Simplify security authentication framework by removing "mixed" local/remote logins.

                 Key: GERONIMO-3303
             Project: Geronimo
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.0-M6
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.0-M7

Back at ApacheCon 2005 there was a big discussion where we decided to remove the parts of
the Geronimo authentication framework that let clients run login modules on the server.  See
the email from me dated Dec 23, 2005, at 6:37 PM, Geronimo Security plans (from ApacheCon).

I've finally replaced the remote login with something using the OpenEJB protocol and removed
the no-longer-needed code.  This is a big simplification.

I've refactored the authentication stuff so that:

- we still have a GeronimoLoginConfiguration
- we can still (optionally) wrap principals to determine exactly which login module and realm
they came from
- all authentication happens in a single VM, no sneaky remoting stuff
- we use the LoginContext to create the login modules directly from the AppConfigurationEntry[]
- registering and unregistering the subject and inserting the identification principal is
done by a login module automatically added by the GenericSecurityRealm, rather than the JaasSecuritySession

This eliminates most of the hard-to-understand code including:


I've also removed the subject-carrying protocol and the remoting JMX code since it isn't used.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
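
The in-VM flow listed in the message (a LoginContext creating the login modules directly from an AppConfigurationEntry[], with the realm appending its own module that inserts the identification principal), shown with the standard JAAS API. This is an added example, not Geronimo code or code from the issue: `InVmLoginDemo`, `UserModule`, `IdModule`, `realm()`, the principal types and the realm name `demo-realm` are all hypothetical, and `UserModule` performs no real credential check.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

// All class and realm names here are hypothetical; none are Geronimo classes.
public class InVmLoginDemo {
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    record IdPrincipal(String name) implements Principal { public String getName() { return name; } }
    // Shared no-op lifecycle so each module shows only its commit step.
    abstract static class Base implements LoginModule {
        protected Subject subject;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }
    // Stands in for a login module the deployer configured (constructed user, no real credential check).
    public static class UserModule extends Base {
        public boolean commit() { subject.getPrincipals().add(new UserPrincipal("alice")); return true; }
    }
    // Appended by the realm itself: tags the subject with an identification principal.
    public static class IdModule extends Base {
        public boolean commit() { subject.getPrincipals().add(new IdPrincipal(UUID.randomUUID().toString())); return true; }
    }
    // Builds the realm's Configuration: the configured entries plus the automatic IdModule.
    static Configuration realm(String realmName, List<AppConfigurationEntry> configured) {
        List<AppConfigurationEntry> all = new ArrayList<>(configured);
        all.add(new AppConfigurationEntry(IdModule.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of()));
        AppConfigurationEntry[] entries = all.toArray(new AppConfigurationEntry[0]);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return realmName.equals(name) ? entries : null;
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        AppConfigurationEntry user = new AppConfigurationEntry(UserModule.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of());
        // LoginContext instantiates both modules in this JVM from the AppConfigurationEntry[].
        LoginContext lc = new LoginContext("demo-realm", new Subject(), null, realm("demo-realm", List.of(user)));
        lc.login();
        lc.getSubject().getPrincipals().forEach(p -> System.out.println(p.getClass().getSimpleName() + " " + p.getName()));
        lc.logout();
    }
}
```

Because the `Configuration` is passed to the `LoginContext` constructor, no JVM-wide login configuration file is consulted and no module runs outside the calling process.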
