geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy (JIRA)" <>
Subject [jira] Commented: (GERONIMO-3303) Simplify security authentication framework by removing "mixed" local/remote logins.
Date Thu, 12 Jul 2007 11:23:04 GMT


Vamsavardhana Reddy commented on GERONIMO-3303:

Removed empty packages/directories.

Completed: At revision: 555583 in trunk.

> Simplify security authentication framework by removing "mixed" local/remote logins.
> -----------------------------------------------------------------------------------
>                 Key: GERONIMO-3303
>                 URL:
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0-M6
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0-M7
> Back at apachecon 2005 there was a big discussion where we decided to remove the parts
of the geronimo authentication framework that let clients run login modules on the server.
 See the email from me dated Dec 23, 2005, at 6:37 PM, Geronimo Security plans (from ApacheCon).
> I've finally replaced the remote login with something using the openejb protocol and
removed the no longer needed code.  This is a big simplification.
> I've refactored the authentication stuff so that:
> - we still have a GeronimoLoginConfiguration
> - we can still (optionally) wrap principals to determine exactly which login module and
realm they came from
> - all authentication happens in a single vm, no sneaky remoting stuff
> - we use the LoginContext to create the login modules directly from the AppConfigurationEntry[]
> - registering and unregistering the subject and inserting the identification principal
is done by a login module automatically added by the GenericSecurityRealm, rather than the
> This eliminates most of the hard to understand code including:
> JaasLoginCoordinator
> JaasSecuritySession
> JaasLoginService
> I've also removed the subject carrying protocol and the remoting jmx code since it isn't

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message