geronimo-dev mailing list archives

From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Closed: (GERONIMO-3303) Simplify security authentication framework by removing "mixed" local/remote logins.
Date Tue, 10 Jul 2007 15:36:04 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-3303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-3303.
----------------------------------

    Resolution: Fixed

Committed in rev 554977.  This is likely to require little bits of additional cleanup, but
I did some looking around in e.g. the testsuite plans.

> Simplify security authentication framework by removing "mixed" local/remote logins.
> -----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3303
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3303
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0-M6
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0-M7
>
>
> Back at ApacheCon 2005 there was a big discussion where we decided to remove the parts of the geronimo authentication framework that let clients run login modules on the server. See the email from me dated Dec 23, 2005, at 6:37 PM, Geronimo Security plans (from ApacheCon).
> I've finally replaced the remote login with something using the openejb protocol and removed the no longer needed code.  This is a big simplification.
> I've refactored the authentication stuff so that:
> - we still have a GeronimoLoginConfiguration
> - we can still (optionally) wrap principals to determine exactly which login module and realm they came from
> - all authentication happens in a single vm, no sneaky remoting stuff
> - we use the LoginContext to create the login modules directly from the AppConfigurationEntry[]
> - registering and unregistering the subject and inserting the identification principal is done by a login module automatically added by the GenericSecurityRealm, rather than the JaasSecuritySession
> This eliminates most of the hard to understand code including:
> JaasLoginCoordinator
> JaasSecuritySession
> JaasLoginService
> I've also removed the subject carrying protocol and the remoting jmx code since it isn't used.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
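
The single-VM arrangement described in the issue, sketched with the standard JAAS API as an added example; it is not code from the Geronimo commit. `DemoPasswordModule`, `RegisteringModule`, `REGISTERED` and the credentials are hypothetical stand-ins, and the point shown is that a bookkeeping module appended to the `AppConfigurationEntry[]` registers a subject only after every required module has succeeded.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class InVmLoginDemo {
    // Hypothetical stand-in for the server's registry of authenticated subjects (identity-based).
    static final Set<Subject> REGISTERED = Collections.newSetFromMap(new IdentityHashMap<>());
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    // Constructed credential check; a real realm would consult its user store.
    public static class DemoPasswordModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("user: "); PasswordCallback p = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] {n, p}); } catch (Exception e) { throw new LoginException(e.toString()); }
            if (!"alice".equals(n.getName()) || !Arrays.equals("s3cret".toCharArray(), p.getPassword()))
                throw new FailedLoginException("bad credentials");
            user = n.getName(); return true;
        }
        public boolean commit() { subject.getPrincipals().add(new UserPrincipal(user)); return true; }
        public boolean abort() { user = null; return true; }
        public boolean logout() { subject.getPrincipals().removeIf(UserPrincipal.class::isInstance); return true; }
    }
    // Bookkeeping module appended by the realm: commit() runs only once every module has succeeded.
    public static class RegisteringModule implements LoginModule {
        private Subject subject;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { REGISTERED.add(subject); return true; }
        public boolean abort() { REGISTERED.remove(subject); return true; }
        public boolean logout() { REGISTERED.remove(subject); return true; }
    }
    static boolean attempt(String user, String password) {
        AppConfigurationEntry[] entries = {   // the realm's own module plus the automatically added one
            new AppConfigurationEntry(DemoPasswordModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()),
            new AppConfigurationEntry(RegisteringModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String realm) { return entries; } };
        Subject subject = new Subject();
        CallbackHandler handler = callbacks -> { for (Callback c : callbacks) {
            if (c instanceof NameCallback n) n.setName(user);
            if (c instanceof PasswordCallback p) p.setPassword(password.toCharArray()); } };
        try { new LoginContext("demo-realm", subject, handler, config).login(); } catch (LoginException e) { /* rejected */ }
        return REGISTERED.contains(subject);   // true only if the whole module stack committed
    }
    public static void main(String[] args) { System.out.println(attempt("alice", "s3cret") + " " + attempt("alice", "wrong")); }
}
```

Because both entries are `REQUIRED`, a failed password check causes `LoginContext` to call `abort()` on the stack and never reach `RegisteringModule.commit()`, so a rejected subject is never registered.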

