Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 44949 invoked from network); 4 Dec 2008 08:40:06 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Dec 2008 08:40:06 -0000 Received: (qmail 48415 invoked by uid 500); 4 Dec 2008 08:40:17 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 48357 invoked by uid 500); 4 Dec 2008 08:40:16 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 48346 invoked by uid 99); 4 Dec 2008 08:40:16 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Dec 2008 00:40:16 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Dec 2008 08:38:56 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 29DDE234C2A6 for ; Thu, 4 Dec 2008 00:39:44 -0800 (PST) Message-ID: <875532159.1228379984163.JavaMail.jira@brutus> Date: Thu, 4 Dec 2008 00:39:44 -0800 (PST) From: "David Jencks (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Closed: (GERONIMO-4445) Make it possible to set up GeronimoLoginConfiguration instances containing specific security realms and to exclude others. In-Reply-To: <609067396.1228377824244.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/GERONIMO-4445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Jencks closed GERONIMO-4445. ---------------------------------- Resolution: Fixed Implementation in rev 723240. I added a "publish" flag to the SecurityRealm (default true) and a "publish anyway" flag to GeronimoLoginConfiguration (default false). SimpleCredentialStore can have a collection of realms: if present it constructs a GeronimoLoginConfiguration using those realms with "publish anyway" true and uses it to log in the info to create the subjects. > Make it possible to set up GeronimoLoginConfiguration instances containing specific security realms and to exclude others. > -------------------------------------------------------------------------------------------------------------------------- > > Key: GERONIMO-4445 > URL: https://issues.apache.org/jira/browse/GERONIMO-4445 > Project: Geronimo > Issue Type: Improvement > Security Level: public(Regular issues) > Components: security > Affects Versions: 2.2 > Reporter: David Jencks > Assignee: David Jencks > Fix For: 2.2 > > > Currently there can really only be one GeronimoLoginConfiguration and it finds out about all security realms. There are several uses for additional Configuration instances and for excluding security realms from the "default" GeronimoLoginConfiguration: > - run-as and default subject support require securiy realms to create the subjects. You might want these security realms to be only accessible through CredentialStore instances and not externally: this allows setting up privileged Subjects without a password. > - jaspi auth modules can use JAAS by supplying a Configuration instance. This will allows use of the GeronimoLoginConfiguration here. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.