Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 89755 invoked from network); 28 Nov 2007 20:47:06 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Nov 2007 20:47:06 -0000 Received: (qmail 20924 invoked by uid 500); 28 Nov 2007 20:46:52 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 20880 invoked by uid 500); 28 Nov 2007 20:46:52 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 20869 invoked by uid 99); 28 Nov 2007 20:46:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Nov 2007 12:46:51 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of c1vamsi1c@gmail.com designates 64.233.184.239 as permitted sender) Received: from [64.233.184.239] (HELO wr-out-0506.google.com) (64.233.184.239) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Nov 2007 20:46:32 +0000 Received: by wr-out-0506.google.com with SMTP id 68so1238898wra for ; Wed, 28 Nov 2007 12:46:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=9i00PLPi5qxaugR5XVLEqimrQz2WEcOWDcWim6ViEV8=; b=aZ54Ty0+JGVDXTKKptPwKY7sOkuPL/rgf7UZbsRrXkdVd40FVdwZlP2HyAIgZ5G7UGtFRBI3UusC+uxRdWerDCiAe4a5l/XeOUq8URtKtdjGIIRI/PwaAkcCI9IucWhErDHMbkzTOr/qV9NtiwXOuElhMd5nI0F2l+oTtHMppHk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Ev1zQeadbN+UJAMMHEXZPWgnZYstZ5Wdq1HrM7vKluWQtrAwKsJxj4url31gqoh0SKOCDS+AojPNoBgXivoUuKsV3B4uzYQUbJj/onRHP0wSrLZZjLMJarDxAwpjx890yWgjmuYGm8rUBmHwU5ejo7Sr2nMxtaQcw9yqbgGMDIU= Received: by 10.142.107.1 with SMTP id f1mr1677579wfc.1196282792894; Wed, 28 Nov 2007 12:46:32 -0800 (PST) Received: by 10.142.161.4 with HTTP; Wed, 28 Nov 2007 12:46:32 -0800 (PST) Message-ID: <22d56c4d0711281246j3b6c8a3t99459f4be8451f1b@mail.gmail.com> Date: Thu, 29 Nov 2007 02:16:32 +0530 From: "Vamsavardhana Reddy" To: dev@geronimo.apache.org Subject: Re: [jira] Commented: (GERONIMO-3641) NamedUPCredentialLoginModule vs ConfiguredIdentityNamedUsernamePasswordLoginModule In-Reply-To: <17504936.1196282145301.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_4767_6621335.1196282792897" References: <15399889.1196250043899.JavaMail.jira@brutus> <17504936.1196282145301.JavaMail.jira@brutus> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_4767_6621335.1196282792897 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thanks for the clarification David. ++Vamsi On Nov 29, 2007 2:05 AM, David Jencks (JIRA) wrote: > > [ > https://issues.apache.org/jira/browse/GERONIMO-3641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12546376] > > David Jencks commented on GERONIMO-3641: > ---------------------------------------- > > ConfiguredIdentityNamedUsernamePasswordLoginModule is pretty much > essential for the TCK. You use it in case you want to supply credentials > for the server when its calling another server, e.g. a remote web service > and you are relying on the server credentials rather than the user > credentials. You can get a similar effect with a run-as where the run-as > subject has been set up with NamedUPCredentialLoginModule but using > ConfiguredIdentityNamedUsernamePasswordLoginModule means you can avoid the > run-as. > > > NamedUPCredentialLoginModule vs > ConfiguredIdentityNamedUsernamePasswordLoginModule > > > ---------------------------------------------------------------------------------- > > > > Key: GERONIMO-3641 > > URL: https://issues.apache.org/jira/browse/GERONIMO-3641 > > Project: Geronimo > > Issue Type: Bug > > Security Level: public(Regular issues) > > Components: security > > Affects Versions: 2.0.x, 2.1 > > Reporter: Vamsavardhana Reddy > > Fix For: 2.0.x, 2.1 > > > > > > I see that ConfiguredIdentityNamedUsernamePasswordLoginModule and > NamedUPCredentialLoginModule are added to geronimo codebase around the same > time (rev 159325 and rev 159560). The difference between the two is that > NamedUPCredentialLoginModule uses the user supplied username and password > where as ConfiguredIdentityNamedUsernamePasswordLoginModule gets the > username and password from options supplied to the login module. > NamedUPCredentialLoginModule is used by the Security realms portlet whereas > there are no references to > ConfiguredIdentityNamedUsernamePasswordLoginModule in the codebase. I guess > one of them (most likely ConfiguredIdentityNamedUsernamePasswordLoginModule) > is redundant and it should be eliminated. What am I missing? > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > ------=_Part_4767_6621335.1196282792897 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thanks for the clarification David.

++Vamsi

On Nov 29, 2007 2:05 AM, David Jencks (JIRA) <jira@apache.org> wrote:

   [ https://issues.apache.org/jira/browse/GERONIMO-3641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12546376 ]

David Jencks commented on GERONIMO-3641:
----------------------------------------

ConfiguredIdentityNamedUsernamePasswordLoginModule is pretty much essential for the TCK.  You use it in case you want to supply credentials for the server when its calling another server, e.g. a remote web service and you are relying on the server credentials rather than the user credentials.  You can get a similar effect with a run-as where the run-as subject has been set up with NamedUPCredentialLoginModule but using ConfiguredIdentityNamedUsernamePasswordLoginModule means you can avoid the run-as.

> NamedUPCredentialLoginModule vs ConfiguredIdentityNamedUsernamePasswordLoginModule
> ----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3641
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3641
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: security
>    Affects Versions: 2.0.x, 2.1
>            Reporter: Vamsavardhana Reddy
>             Fix For: 2.0.x, 2.1
>
>
> I see that ConfiguredIdentityNamedUsernamePasswordLoginModule and NamedUPCredentialLoginModule are added to geronimo codebase around the same time (rev 159325 and rev 159560).  The difference between the two is that NamedUPCredentialLoginModule uses the user supplied username and password where as ConfiguredIdentityNamedUsernamePasswordLoginModule gets the username and password from options supplied to the login module.  NamedUPCredentialLoginModule is used by the Security realms portlet whereas there are no references to ConfiguredIdentityNamedUsernamePasswordLoginModule in the codebase.  I guess one of them (most likely ConfiguredIdentityNamedUsernamePasswordLoginModule) is redundant and it should be eliminated.  What am I missing?

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


------=_Part_4767_6621335.1196282792897--