Jaas authentication service

[Ryan Slack <ry...@evine.ca>]

After fighting with container managed security to get true single-signon 
(not just container wide signon), I have decided I need to role my own. 
Below is a *quick* overview of a working system I have, but one which I 
feel has some potintial, pending input from the wider community.

-------------
The basic idea is to provide an authentication service to login and logout.
This service will be built on HiveMind using Jaas, and can be thought of 
as "Jaas Authentication for Tapestry", but could work for any HiveMind 
(or IoC) based application.

There are two main services: a CallbackHandlerService, and a 
AuthenticationService, along with a handfull of services that implement 
CallbackHandler.

The CallbackHandlerService is the CallbackHandler instance used in 
createing a new Jaas LoginContext instance. It dispatchs Callbacks to an 
appropriate CallbackHandler service, which are registered with it via a 
HiveMind contribution point. These deligate CallbackHandlers can be 
injected with any information they need, allowing any number of ways to 
get the authentication data into the Jaas LoginModules.

The AuthenticationService is mostly a wrapper around a LoginContext, but 
also handels any extra authentication tasks, such as storing the Subject 
where the application server will find and use it. Since the afore 
mentioned CallbackHandler services should know how to get the 
information needed, the application need only to call 
authenticationService.login(), and wait for the result.
-----------

While I know there are many views on what the best way to handel 
authentication and authorization is, I like Jaas, and feel that this 
type of system keeps things flexable.

Thx for the input,
--Ryan


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org