You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2007/08/14 01:47:30 UTC
[jira] Created: (GERONIMO-3407) SubjectRegistrationLoginModule
conceptually can't work.
SubjectRegistrationLoginModule conceptually can't work.
-------------------------------------------------------
Key: GERONIMO-3407
URL: https://issues.apache.org/jira/browse/GERONIMO-3407
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.0, 2.0.x, 2.1
Reporter: David Jencks
Assignee: David Jencks
Fix For: 2.0, 2.0.x, 2.1
The idea of SubjectRegistrationLoginModule while attractive just can't work. The idea behind subject registration is that we want to compute the AccessControlContext for a subject once and cache it. That can only be done once the subject is fully populated by all login modules, so if the ACC is determined by a login module it must be the last one. However, if any previous LM is marked REQUISITE no further modules will be processed. Therefore we have to register the subjects in some other way. Just maybe we could "preregister" the subject but determine the ACC lazily??
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3407) SubjectRegistrationLoginModule
conceptually can't work.
Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods updated GERONIMO-3407:
-----------------------------------
Fix Version/s: (was: 2.0)
(was: 2.0.x)
2.0.1
updated Fixed For field
> SubjectRegistrationLoginModule conceptually can't work.
> -------------------------------------------------------
>
> Key: GERONIMO-3407
> URL: https://issues.apache.org/jira/browse/GERONIMO-3407
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.x, 2.1
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.1, 2.1
>
>
> The idea of SubjectRegistrationLoginModule while attractive just can't work. The idea behind subject registration is that we want to compute the AccessControlContext for a subject once and cache it. That can only be done once the subject is fully populated by all login modules, so if the ACC is determined by a login module it must be the last one. However, if any previous LM is marked REQUISITE no further modules will be processed. Therefore we have to register the subjects in some other way. Just maybe we could "preregister" the subject but determine the ACC lazily??
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-3407) SubjectRegistrationLoginModule
conceptually can't work.
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks closed GERONIMO-3407.
----------------------------------
Resolution: Fixed
Kevan merged this into 2.0.1 in rev 565912 and 2.0-SNAPSHOT in rev 565936
> SubjectRegistrationLoginModule conceptually can't work.
> -------------------------------------------------------
>
> Key: GERONIMO-3407
> URL: https://issues.apache.org/jira/browse/GERONIMO-3407
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.x, 2.1
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0, 2.0.x, 2.1
>
>
> The idea of SubjectRegistrationLoginModule while attractive just can't work. The idea behind subject registration is that we want to compute the AccessControlContext for a subject once and cache it. That can only be done once the subject is fully populated by all login modules, so if the ACC is determined by a login module it must be the last one. However, if any previous LM is marked REQUISITE no further modules will be processed. Therefore we have to register the subjects in some other way. Just maybe we could "preregister" the subject but determine the ACC lazily??
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3407) SubjectRegistrationLoginModule
conceptually can't work.
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12546201 ]
Vamsavardhana Reddy commented on GERONIMO-3407:
-----------------------------------------------
At Revision: 598938
o Deleted SubjectRegistrationLoginModule.java that should have been deleted from branches\2.0 in rev 565936.
> SubjectRegistrationLoginModule conceptually can't work.
> -------------------------------------------------------
>
> Key: GERONIMO-3407
> URL: https://issues.apache.org/jira/browse/GERONIMO-3407
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.x, 2.1
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.1, 2.1
>
>
> The idea of SubjectRegistrationLoginModule while attractive just can't work. The idea behind subject registration is that we want to compute the AccessControlContext for a subject once and cache it. That can only be done once the subject is fully populated by all login modules, so if the ACC is determined by a login module it must be the last one. However, if any previous LM is marked REQUISITE no further modules will be processed. Therefore we have to register the subjects in some other way. Just maybe we could "preregister" the subject but determine the ACC lazily??
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3407) SubjectRegistrationLoginModule
conceptually can't work.
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12519625 ]
David Jencks commented on GERONIMO-3407:
----------------------------------------
Fixed in trunk rev 565657. I added login and logout methods to ContextManager that also handle the subject registration/unregistration steps and modified code that used to call LoginContext.login and logout to use the methods on ContextManager as well.
Needs to be ported to branches/2.0 and the 2.0.1 release.
> SubjectRegistrationLoginModule conceptually can't work.
> -------------------------------------------------------
>
> Key: GERONIMO-3407
> URL: https://issues.apache.org/jira/browse/GERONIMO-3407
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.0, 2.0.x, 2.1
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0, 2.0.x, 2.1
>
>
> The idea of SubjectRegistrationLoginModule while attractive just can't work. The idea behind subject registration is that we want to compute the AccessControlContext for a subject once and cache it. That can only be done once the subject is fully populated by all login modules, so if the ACC is determined by a login module it must be the last one. However, if any previous LM is marked REQUISITE no further modules will be processed. Therefore we have to register the subjects in some other way. Just maybe we could "preregister" the subject but determine the ACC lazily??
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.