geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Created: (GERONIMO-3407) SubjectRegistrationLoginModule conceptually can't work.
Date Mon, 13 Aug 2007 23:47:30 GMT
SubjectRegistrationLoginModule conceptually can't work.

                 Key: GERONIMO-3407
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.0, 2.0.x, 2.1
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.0, 2.0.x, 2.1

The idea of SubjectRegistrationLoginModule while attractive just can't work.  The idea behind
subject registration is that we want to compute the AccessControlContext for a subject once
and cache it.  That can only be done once the subject is fully populated by all login modules,
so if the ACC is determined by a login module it must be the last one.  However, if any previous
LM is marked REQUISITE no further modules will be processed.  Therefore we have to register
the subjects in some other way.  Just maybe we could "preregister" the subject but determine
the ACC lazily??

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message