You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2008/12/04 09:39:44 UTC

[jira] Closed: (GERONIMO-4445) Make it possible to set up GeronimoLoginConfiguration instances containing specific security realms and to exclude others.

     [ https://issues.apache.org/jira/browse/GERONIMO-4445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-4445.
----------------------------------

    Resolution: Fixed

Implementation in rev 723240.  I added a "publish" flag to the SecurityRealm (default true) and a "publish anyway" flag to GeronimoLoginConfiguration (default false).  SimpleCredentialStore can have a collection of realms: if present it constructs a GeronimoLoginConfiguration using those realms with "publish anyway" true and uses it to log in the info to create the subjects.

> Make it possible to set up GeronimoLoginConfiguration instances containing specific security realms and to exclude others.
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4445
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4445
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>
> Currently there can really only be one GeronimoLoginConfiguration and it finds out about all security realms.  There are several uses for additional Configuration instances and for excluding security realms from the "default" GeronimoLoginConfiguration:
> - run-as and default subject support require securiy realms to create the subjects.  You might want these security realms to be only accessible through CredentialStore instances and not externally: this allows setting up privileged Subjects without a password.
> - jaspi auth modules can use JAAS by supplying a Configuration instance.  This will allows use of the GeronimoLoginConfiguration here.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.