geronimo-scm mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Geronimo Wiki] Update of "Security" by AaronMulder
Date Mon, 04 Jul 2005 03:03:45 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Geronimo Wiki" for change notification.

The following page has been changed by AaronMulder:
http://wiki.apache.org/geronimo/Security

------------------------------------------------------------------------------
   * Maybe automatically return the server-side Subject for server-side usage of {{{JaasLoginCoordinator}}}
   * Fix the assignment of a {{{DeploymentSupport}}} class to the {{{GenericSecurityRealm}}}
-- as is, there's no way to configure the {{{DeploymentSupport}}} to point to a specific login
realm instance (LDAP server, DB, etc.)
   * Replace the static registration with {{{GeronimoLoginConfiguration}}} with an IOC assignment
of GLC to each security realm (or better yet, vice versa).
-  * Update {{{geronimo-jetty.xml}}} to have the name of the security realm that Jetty should
use to authenticate to.  Currently that's in a separate GBean, which is kind of icky and is
subject to naming collisions across web apps
+  * Update {{{geronimo-web.xml}}} to have the name of the security realm that Jetty should
use to authenticate to.  Currently that's in a separate GBean, which is kind of icky and is
subject to naming collisions across web apps
   * Handle user-provided {{{CallbackHandler}}}s in J2EE client applications
   * Add some kind of fancier validator object to a {{{SecurityRealm}}} that can enforce rules
like "user only valid between 9 and 5".  It can't only reject new logins; it must also terminate
an existing valid login at the appropriate time.  It's not clear how to do this right.  This
would replace the previous ability to set a realm-specific max login duration.
   * Potentially replace realm bridges with connector-specific {{{LoginModule}}} classes that
just add additional Principals to the Subject at the initial authentication time.
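
Review bot: In the added line, the item now points at {{{geronimo-web.xml}}} but still reads "the security realm that Jetty should use to authenticate to", so the file name and the container named in the sentence no longer match. If the realm name is meant to apply to whichever web container is in use, reword to "the web container"; if it remains Jetty-only, say so explicitly. Since the stated motivation is naming collisions across web apps in the separate GBean, the item should also say that the realm name is declared per web application, and "authenticate to" would read better as "authenticate against".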
