geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3407) SubjectRegistrationLoginModule conceptually can't work.
Date Tue, 14 Aug 2007 08:27:30 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12519625
] 

David Jencks commented on GERONIMO-3407:
----------------------------------------

Fixed in trunk rev 565657.  I added login and logout methods to ContextManager that also handle
the subject registration/unregistration steps and modified code that used to call LoginContext.login
and logout to use the methods on ContextManager as well.

Needs to be ported to branches/2.0 and the 2.0.1 release.

> SubjectRegistrationLoginModule conceptually can't work.
> -------------------------------------------------------
>
>                 Key: GERONIMO-3407
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3407
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.0.x, 2.1
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0, 2.0.x, 2.1
>
>
> The idea of SubjectRegistrationLoginModule while attractive just can't work.  The idea
behind subject registration is that we want to compute the AccessControlContext for a subject
once and cache it.  That can only be done once the subject is fully populated by all login
modules, so if the ACC is determined by a login module it must be the last one.  However,
if any previous LM is marked REQUISITE no further modules will be processed.  Therefore we
have to register the subjects in some other way.  Just maybe we could "preregister" the subject
but determine the ACC lazily??

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message