You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by Andrew Jaquith <an...@mac.com> on 2008/03/18 06:08:36 UTC
Some 2.8 auth improvements
All --
I went ahead and did something I've been meaning to do for a while:
eliminate the dependency on JAAS configuration from JSPWiki. The idea
was to get rid of the tweaks and hacks we use to configure the login
process, and eliminate a bunch of configuration hassles.
It's all ready to go: code, unit tests, javadoc and jspwiki comments.
All I need is a 2.8 branch to put it in.
Some more information about the refactoring:
The technique I've employed does three things: it refactors
AuthenticationManager, adds some responsibilities to
WikiServletFilter, and moves configuration of the login process to
jspwiki.properties. Best of all: the API changes are fairly small, and
we re-use the existing LoginModules.
The upsides to the new approach are many:
- Elimination of the need to configure JAAS at runtime
- Maintains backwards compatibility with any existing third-party
LoginModules that may have been developed for JSPWiki
- Adds the ability to use MORE LoginModules with JSPWiki (because we
move responsibility for adding/deleting JSPWiki Roles out of the
LoginModules, and into AuthenticationManager)
- Removes the last barrier for "drop-in" deployments on ALL containers
(no need to worry about JAAS configuration)
There are very few downsides, other than the fact that WikiContext
loses a few methods that were only used by one or two callers, and
were only public because of package boundaries.
Andrew
Re: Some 2.8 auth improvements
Posted by Andrew Jaquith <an...@mac.com>.
Meh. I plus-one'd a while ago. But then, I've got few localization
issues to worry about. :)
On Mar 18, 2008, at 15:16, Janne Jalkanen <Ja...@ecyrd.com>
wrote:
>>
>> It's all ready to go: code, unit tests, javadoc and jspwiki
>> comments. All I need is a 2.8 branch to put it in.
>
> I'm still waiting for +1s for 2.6.2 release... *wink, wink, nudge,
> nudge*
>
> /Janne
Re: Some 2.8 auth improvements
Posted by Murray Altheim <mu...@altheim.com>.
Janne Jalkanen wrote:
>>
>> It's all ready to go: code, unit tests, javadoc and jspwiki comments.
>> All I need is a 2.8 branch to put it in.
>
> I'm still waiting for +1s for 2.6.2 release... *wink, wink, nudge, nudge*
No issues so far from my side on testing. Will hope to do more later this
week, but don't want to hold up the show, so
+1
Murray
...........................................................................
Murray Altheim <murray07 at altheim.com> === = =
http://www.altheim.com/murray/ = = ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk = = = =
Boundless wind and moon - the eye within eyes,
Inexhaustible heaven and earth - the light beyond light,
The willow dark, the flower bright - ten thousand houses,
Knock at any door - there's one who will respond.
-- The Blue Cliff Record
Re: Some 2.8 auth improvements
Posted by Janne Jalkanen <Ja...@ecyrd.com>.
>
> It's all ready to go: code, unit tests, javadoc and jspwiki
> comments. All I need is a 2.8 branch to put it in.
I'm still waiting for +1s for 2.6.2 release... *wink, wink, nudge,
nudge*
/Janne
Re: Some 2.8 auth improvements
Posted by Alex Samad <al...@samad.com.au>.
On Tue, Mar 18, 2008 at 12:44:33AM -0600, Andrew Jaquith wrote:
> Hey Alex -- you asked a fine question. We do indeed use JAAS
> LoginModules to access container credentials. Those will still be used
> in 2.8.. What changes is the need to rely on JVM-wide JAAS
> *configuration* -- specifically the need to obtain a LoginContext from
> the JVM-wide config.
>
> The new strategy keeps the stuff that works (the LoginModule classes)
> and kills the stuff that is annoying (the need for a JAAS config file
> aka jspwiki.jaas..
sounds great, does this also mean it will be easier to have ldap based
user and group module
>
> On Mar 17, 2008, at 23:55, Alex Samad <al...@samad.com.au> wrote:
>
>> Hi
>>
>> On Mon, Mar 17, 2008 at 11:08:36PM -0600, Andrew Jaquith wrote:
>>> All --
>>>
>>> I went ahead and did something I've been meaning to do for a while:
>>> eliminate the dependency on JAAS configuration from JSPWiki. The idea
>>> was to get rid of the tweaks and hacks we use to configure the login
>>> process, and eliminate a bunch of configuration hassles.
>>>
>>> It's all ready to go: code, unit tests, javadoc and jspwiki comments.
>>> All I need is a 2.8 branch to put it in.
>>>
>>> Some more information about the refactoring:
>>>
>>> The technique I've employed does three things: it refactors
>>> AuthenticationManager, adds some responsibilities to
>>> WikiServletFilter,
>>> and moves configuration of the login process to jspwiki.properties.
>>> Best
>>> of all: the API changes are fairly small, and we re-use the existing
>>> LoginModules.
>>>
>>> The upsides to the new approach are many:
>>> - Elimination of the need to configure JAAS at runtime
>>> - Maintains backwards compatibility with any existing third-party
>>> LoginModules that may have been developed for JSPWiki
>>> - Adds the ability to use MORE LoginModules with JSPWiki (because we
>>> move responsibility for adding/deleting JSPWiki Roles out of the
>>> LoginModules, and into AuthenticationManager)
>>> - Removes the last barrier for "drop-in" deployments on ALL
>>> containers
>>> (no need to worry about JAAS configuration)
>>>
>>> There are very few downsides, other than the fact that WikiContext
>>> loses
>>> a few methods that were only used by one or two callers, and were
>>> only
>>> public because of package boundaries.
>> going to show how much I don't know, but wasn't JAAS the method used
>> to
>> access container authentication?
>>
>>>
>>> Andrew
>>>
>>
>> --
>> "Joe, I don't do nuance."
>>
>> - George W. Bush
>> 02/15/2004
>> to Sen. Joseph Biden, as quoted in Time
>
--
"If you're sick and tired of the politics of cynicism and polls and principles, come and join this campaign."
- George W. Bush
02/16/2000
Hilton Head, S.C.
Re: Some 2.8 auth improvements
Posted by Andrew Jaquith <an...@mac.com>.
Hey Alex -- you asked a fine question. We do indeed use JAAS
LoginModules to access container credentials. Those will still be used
in 2.8.. What changes is the need to rely on JVM-wide JAAS
*configuration* -- specifically the need to obtain a LoginContext from
the JVM-wide config.
The new strategy keeps the stuff that works (the LoginModule classes)
and kills the stuff that is annoying (the need for a JAAS config file
aka jspwiki.jaas..
On Mar 17, 2008, at 23:55, Alex Samad <al...@samad.com.au> wrote:
> Hi
>
> On Mon, Mar 17, 2008 at 11:08:36PM -0600, Andrew Jaquith wrote:
>> All --
>>
>> I went ahead and did something I've been meaning to do for a while:
>> eliminate the dependency on JAAS configuration from JSPWiki. The idea
>> was to get rid of the tweaks and hacks we use to configure the login
>> process, and eliminate a bunch of configuration hassles.
>>
>> It's all ready to go: code, unit tests, javadoc and jspwiki comments.
>> All I need is a 2.8 branch to put it in.
>>
>> Some more information about the refactoring:
>>
>> The technique I've employed does three things: it refactors
>> AuthenticationManager, adds some responsibilities to
>> WikiServletFilter,
>> and moves configuration of the login process to jspwiki.properties.
>> Best
>> of all: the API changes are fairly small, and we re-use the existing
>> LoginModules.
>>
>> The upsides to the new approach are many:
>> - Elimination of the need to configure JAAS at runtime
>> - Maintains backwards compatibility with any existing third-party
>> LoginModules that may have been developed for JSPWiki
>> - Adds the ability to use MORE LoginModules with JSPWiki (because we
>> move responsibility for adding/deleting JSPWiki Roles out of the
>> LoginModules, and into AuthenticationManager)
>> - Removes the last barrier for "drop-in" deployments on ALL
>> containers
>> (no need to worry about JAAS configuration)
>>
>> There are very few downsides, other than the fact that WikiContext
>> loses
>> a few methods that were only used by one or two callers, and were
>> only
>> public because of package boundaries.
> going to show how much I don't know, but wasn't JAAS the method used
> to
> access container authentication?
>
>>
>> Andrew
>>
>
> --
> "Joe, I don't do nuance."
>
> - George W. Bush
> 02/15/2004
> to Sen. Joseph Biden, as quoted in Time
Re: Some 2.8 auth improvements
Posted by Alex Samad <al...@samad.com.au>.
Hi
On Mon, Mar 17, 2008 at 11:08:36PM -0600, Andrew Jaquith wrote:
> All --
>
> I went ahead and did something I've been meaning to do for a while:
> eliminate the dependency on JAAS configuration from JSPWiki. The idea
> was to get rid of the tweaks and hacks we use to configure the login
> process, and eliminate a bunch of configuration hassles.
>
> It's all ready to go: code, unit tests, javadoc and jspwiki comments.
> All I need is a 2.8 branch to put it in.
>
> Some more information about the refactoring:
>
> The technique I've employed does three things: it refactors
> AuthenticationManager, adds some responsibilities to WikiServletFilter,
> and moves configuration of the login process to jspwiki.properties. Best
> of all: the API changes are fairly small, and we re-use the existing
> LoginModules.
>
> The upsides to the new approach are many:
> - Elimination of the need to configure JAAS at runtime
> - Maintains backwards compatibility with any existing third-party
> LoginModules that may have been developed for JSPWiki
> - Adds the ability to use MORE LoginModules with JSPWiki (because we
> move responsibility for adding/deleting JSPWiki Roles out of the
> LoginModules, and into AuthenticationManager)
> - Removes the last barrier for "drop-in" deployments on ALL containers
> (no need to worry about JAAS configuration)
>
> There are very few downsides, other than the fact that WikiContext loses
> a few methods that were only used by one or two callers, and were only
> public because of package boundaries.
going to show how much I don't know, but wasn't JAAS the method used to
access container authentication?
>
> Andrew
>
--
"Joe, I don't do nuance."
- George W. Bush
02/15/2004
to Sen. Joseph Biden, as quoted in Time