You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org> on 2004/11/20 08:48:25 UTC

[jira] Resolved: (GERONIMO-424) ConfigurationEntry support for multiple LoginModules

     [ http://nagoya.apache.org/jira/browse/GERONIMO-424?page=history ]
     
Aaron Mulder resolved GERONIMO-424:
-----------------------------------

     Resolution: Fixed
    Fix Version: 1.0-M4

Now each login module gets a GBean, and the security realm can take a list of login modules/flags (using properties-style syntax)

> ConfigurationEntry support for multiple LoginModules
> ----------------------------------------------------
>
>          Key: GERONIMO-424
>          URL: http://nagoya.apache.org/jira/browse/GERONIMO-424
>      Project: Apache Geronimo
>         Type: Improvement
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Assignee: Aaron Mulder
>      Fix For: 1.0-M4

>
> The abstract class ConfigurationEntry has support for returning multiple LoginModules (or more accurately, an array of AppConfigurationEntry's).  However, none of the concrete implementations allow this.
> It's a required feature in order for the CallerIdentityUserPasswordRealmBridge to work, because that needs the password to be put in the private credential set.  Currently we have one set of login modules that actually authenticate you, and a different LoginModule that populates the private credential set.  In order to be both behaviors, you need to load both LoginModules, but currently the available ConfigurationEntries can't be configured for that.
> A problem is that the ConfigurationEntry gets its data from a SecurityRealm, and the SecurityRealm can only return a single AppConfigurationEntry (or LoginModule).  It doesn't make sense to me to make the new "multiple configuration entry" take multiple security realms as its input.  In concept, you want one security realm with two login modules.
> So I think the change has to start by allowing a SecurityRealm to return multiple AppConfgurationEntry values.
> Then we need the configuration syntax for the standard security realm GBeans to change so that they can take multiple login modules, including the options and control flags for each.  Like, you might want to use a vanilla SQLSecurityRealm, but have it add a GeroinmoPasswordCredentialLoginModule (or a hypothetical AuditTrailLoginModule) in addition to its standard LoginModule.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira