From scm-return-6937-apmail-geronimo-scm-archive=geronimo.apache.org@geronimo.apache.org Mon Jul 04 03:03:49 2005
Return-Path:
Delivered-To: apmail-geronimo-scm-archive@www.apache.org
Received: (qmail 94171 invoked from network); 4 Jul 2005 03:03:49 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 4 Jul 2005 03:03:49 -0000
Received: (qmail 12900 invoked by uid 500); 4 Jul 2005 03:03:48 -0000
Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org
Received: (qmail 12879 invoked by uid 500); 4 Jul 2005 03:03:48 -0000
Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help:
list-unsubscribe:
List-Post:
Reply-To: dev@geronimo.apache.org
List-Id:
Delivered-To: mailing list scm@geronimo.apache.org
Received: (qmail 12866 invoked by uid 99); 4 Jul 2005 03:03:48 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=
X-Spam-Check-By: apache.org
Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 03 Jul 2005 20:03:48 -0700
Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 4289812 for ; Mon, 4 Jul 2005 05:03:45 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Apache Wiki
To: scm@geronimo.apache.org
Date: Mon, 04 Jul 2005 03:03:45 -0000
Message-ID: <20050704030345.27021.87358@ajax.apache.org>
Subject: [Geronimo Wiki] Update of "Security" by AaronMulder
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Geronimo Wiki" for change notification.

The following page has been changed by AaronMulder: http://wiki.apache.org/geronimo/Security ------------------------------------------------------------------------------ * Maybe automatically return the server-side Subject for server-side usage of {{{JaasLoginCoordinator}}} * Fix the assignment of a {{{DeploymentSupport}}} class to the {{{GenericSecurityRealm}}} -- as is, there's no way to configure the {{{DeploymentSupport}}} to point to a specific login realm instance (LDAP server, DB, etc.) * Replace the static registration with {{{GeronimoLoginConfiguration}}} with an IOC assignment of GLC to each security realm (or better yet, vice versa). - * Update {{{geronimo-jetty.xml}}} to have the name of the security realm that Jetty should use to authenticate to. Currently that's in a separate GBean, which is kind of icky and is subject to naming collisions across web apps + * Update {{{geronimo-web.xml}}} to have the name of the security realm that Jetty should use to authenticate to. Currently that's in a separate GBean, which is kind of icky and is subject to naming collisions across web apps * Handle user-provided {{{CallbackHandler}}}s in J2EE client applications * Add some kind of fancier validator object to a {{{SecurityRealm}}} that can enforce rules like "user only valid between 9 and 5". It can't only reject new logins; it must also terminate an existing valid login at the appropriate time. It's not clear how to do this right. This would replace the previous ability to set a realm-specific max login duration. * Potentially replace realm bridges with connector-specific {{{LoginModule}}} classes that just add additional Principals to the Subject at the initial authentication time.
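
Review bot: in the changed bullet, the file name becomes {{{geronimo-web.xml}}} but the sentence still says the realm is the one "that Jetty should use", so the item now names a file without "jetty" in its name while describing Jetty-only behaviour; either reword it to "the web container" or state that the item applies to Jetty only. Since the reason given for the change is that the separate GBean "is subject to naming collisions across web apps", the item should also say that the realm name in the plan is scoped to the individual web app, otherwise the collision it describes is not visibly addressed. Minor wording: "authenticate to" reads better as "authenticate against".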