jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Samad <a...@samad.com.au>
Subject Re: Some 2.8 auth improvements
Date Tue, 18 Mar 2008 19:48:38 GMT
On Tue, Mar 18, 2008 at 12:44:33AM -0600, Andrew Jaquith wrote:
> Hey Alex -- you asked a fine question. We do indeed use JAAS  
> LoginModules to access container credentials. Those will still be used  
> in 2.8.. What changes is the need to rely on JVM-wide JAAS  
> *configuration* -- specifically the need to obtain a LoginContext from  
> the JVM-wide config.
> The new strategy keeps the stuff that works (the LoginModule classes)  
> and kills the stuff that is annoying (the need for a JAAS config file  
> aka jspwiki.jaas..
sounds great, does this also mean it will be easier to have ldap based
user and group module
> On Mar 17, 2008, at 23:55, Alex Samad <alex@samad.com.au> wrote:
>> Hi
>> On Mon, Mar 17, 2008 at 11:08:36PM -0600, Andrew Jaquith wrote:
>>> All --
>>> I went ahead and did something I've been meaning to do for a while:
>>> eliminate the dependency on JAAS configuration from JSPWiki. The idea
>>> was to get rid of the tweaks and hacks we use to configure the login
>>> process, and eliminate a bunch of configuration hassles.
>>> It's all ready to go: code, unit tests, javadoc and jspwiki comments.
>>> All I need is a 2.8 branch to put it in.
>>> Some more information about the refactoring:
>>> The technique I've employed does three things: it refactors
>>> AuthenticationManager, adds some responsibilities to  
>>> WikiServletFilter,
>>> and moves configuration of the login process to jspwiki.properties.  
>>> Best
>>> of all: the API changes are fairly small, and we re-use the existing
>>> LoginModules.
>>> The upsides to the new approach are many:
>>> - Elimination of the need to configure JAAS at runtime
>>> - Maintains backwards compatibility with any existing third-party
>>> LoginModules that may have been developed for JSPWiki
>>> - Adds the ability to use MORE LoginModules with JSPWiki (because we
>>> move responsibility for adding/deleting JSPWiki Roles out of the
>>> LoginModules, and into AuthenticationManager)
>>> - Removes the last barrier for "drop-in" deployments on ALL  
>>> containers
>>> (no need to worry about JAAS configuration)
>>> There are very few downsides, other than the fact that WikiContext  
>>> loses
>>> a few methods that were only used by one or two callers, and were  
>>> only
>>> public because of package boundaries.
>> going to show how much I don't know, but wasn't JAAS the method used  
>> to
>> access container authentication?
>>> Andrew
>> -- 
>> "Joe, I don't do nuance."
>>    - George W. Bush
>> 02/15/2004
>> to Sen. Joseph Biden, as quoted in Time

"If you're sick and tired of the politics of cynicism and polls and principles, come and join
this campaign."

	- George W. Bush
Hilton Head, S.C.

View raw message