You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Donald Woods (JIRA)" <ji...@apache.org> on 2007/09/25 21:36:51 UTC

[jira] Updated: (GERONIMO-3407) SubjectRegistrationLoginModule conceptually can't work.

     [ https://issues.apache.org/jira/browse/GERONIMO-3407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Donald Woods updated GERONIMO-3407:
-----------------------------------

    Fix Version/s:     (was: 2.0)
                       (was: 2.0.x)
                   2.0.1

updated Fixed For field

> SubjectRegistrationLoginModule conceptually can't work.
> -------------------------------------------------------
>
>                 Key: GERONIMO-3407
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3407
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0, 2.0.x, 2.1
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0.1, 2.1
>
>
> The idea of SubjectRegistrationLoginModule while attractive just can't work.  The idea behind subject registration is that we want to compute the AccessControlContext for a subject once and cache it.  That can only be done once the subject is fully populated by all login modules, so if the ACC is determined by a login module it must be the last one.  However, if any previous LM is marked REQUISITE no further modules will be processed.  Therefore we have to register the subjects in some other way.  Just maybe we could "preregister" the subject but determine the ACC lazily??

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.