geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Closed: (GERONIMO-4445) Make it possible to set up GeronimoLoginConfiguration instances containing specific security realms and to exclude others.
Date Thu, 04 Dec 2008 08:39:44 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Jencks closed GERONIMO-4445.
----------------------------------

    Resolution: Fixed

Implementation in rev 723240.  I added a "publish" flag to the SecurityRealm (default true)
and a "publish anyway" flag to GeronimoLoginConfiguration (default false).  SimpleCredentialStore
can have a collection of realms: if present it constructs a GeronimoLoginConfiguration using
those realms with "publish anyway" true and uses it to log in the info to create the subjects.

> Make it possible to set up GeronimoLoginConfiguration instances containing specific security
realms and to exclude others.
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4445
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4445
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>
> Currently there can really only be one GeronimoLoginConfiguration and it finds out about
all security realms.  There are several uses for additional Configuration instances and for
excluding security realms from the "default" GeronimoLoginConfiguration:
> - run-as and default subject support require securiy realms to create the subjects. 
You might want these security realms to be only accessible through CredentialStore instances
and not externally: this allows setting up privileged Subjects without a password.
> - jaspi auth modules can use JAAS by supplying a Configuration instance.  This will allows
use of the GeronimoLoginConfiguration here.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message