Posted to users@tomee.apache.org by Quintin Beukes <qu...@last.za.net> on 2009/10/08 19:43:34 UTC

Security Concern

Can a new login module be deliberately loaded after the first
InitialContext was started, i.e. login configuration has been parsed?

Is there any way a login configuration/module can be loaded
automatically AT ALL?

Quintin Beukes

Re: Security Concern

Posted by David Blevins <da...@visi.com>.
On Oct 9, 2009, at 1:31 AM, Quintin Beukes wrote:

> Though what I was wondering about is, since you can change which
> login.config file should be loaded by the system property, could a new
> one be loaded, or does this code get executed ONLY once?

That I don't know. We set the 'java.security.auth.login.config'
property at startup and it's the VM that does the reading. We do
attempt a "null" login at startup in an attempt to eagerly flush out any
issues with the config file. Not sure if the VM will consult that
property again.

If you find out, definitely share.  You have me curious as well.

-David
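
Added example, not part of the original thread and not TomEE code: a small stand-alone Java program for checking how the JDK's default file-based JAAS Configuration treats a changed 'java.security.auth.login.config' property, with and without an explicit refresh(). The application name "Demo", the module class names and the temporary files are constructed for the test; the module classes do not need to exist because only the parsed entry names are read.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class LoginConfigReloadCheck {
    static final String PROP = "java.security.auth.login.config";

    // Write a one-entry login config naming the given (hypothetical) module class.
    static Path writeConfig(String moduleClass) throws Exception {
        Path p = Files.createTempFile("login", ".config");
        Files.writeString(p, "Demo {\n    " + moduleClass + " required;\n};\n");
        p.toFile().deleteOnExit();
        return p;
    }

    // Name of the first LoginModule the VM-wide Configuration currently maps to "Demo".
    static String currentModule() {
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry("Demo");
        return (entries == null || entries.length == 0)
                ? "<no entry>" : entries[0].getLoginModuleName();
    }

    public static void main(String[] args) throws Exception {
        Path first = writeConfig("example.FirstLoginModule");
        Path second = writeConfig("example.SecondLoginModule");

        // Startup: property set before the Configuration is first requested.
        System.setProperty(PROP, first.toUri().toString());
        System.out.println("after startup:         " + currentModule());

        // Property changed later; Configuration.getConfiguration() returns
        // the instance that was already installed.
        System.setProperty(PROP, second.toUri().toString());
        System.out.println("after property change: " + currentModule());

        // Explicit reload request. With a SecurityManager installed this call
        // requires AuthPermission("refreshLoginConfiguration").
        Configuration.getConfiguration().refresh();
        System.out.println("after refresh():       " + currentModule());
    }
}
```

Run it with the same JDK the server uses (Java 11 or later for Files.writeString) and compare the three printed module names.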


Re: Security Concern

Posted by Quintin Beukes <qu...@skywalk.co.za>.
Though what I was wondering about is, since you can change which
login.config file should be loaded by the system property, could a new
one be loaded, or does this code get executed ONLY once?

Quintin Beukes



On Fri, Oct 9, 2009 at 7:58 AM, David Blevins <da...@visi.com> wrote:
>
> On Oct 8, 2009, at 10:43 AM, Quintin Beukes wrote:
>
>> Can a new login module be deliberately loaded after the first
>> InitialContext was started, i.e. login configuration has been parsed?
>>
>> Is there any way a login configuration/module can be loaded
>> automatically AT ALL?
>
> Only way to add a new LoginModule is by editing the conf/login.config file.
>  There's no way to do it programmatically in the client or server.
>
> -David
>
>

Re: Security Concern

Posted by David Blevins <da...@visi.com>.
On Oct 8, 2009, at 10:43 AM, Quintin Beukes wrote:

> Can a new login module be deliberately loaded after the first
> InitialContext was started, i.e. login configuration has been parsed?
>
> Is there any way a login configuration/module can be loaded
> automatically AT ALL?

Only way to add a new LoginModule is by editing the conf/login.config
file. There's no way to do it programmatically in the client or server.

-David