You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org> on 2004/10/31 17:27:32 UTC

[jira] Created: (GERONIMO-410) Revise SecurityRealm getUserPrincipals/getGroupPrincipals

Revise SecurityRealm getUserPrincipals/getGroupPrincipals
---------------------------------------------------------

         Key: GERONIMO-410
         URL: http://issues.apache.org/jira/browse/GERONIMO-410
     Project: Apache Geronimo
        Type: Improvement
  Components: security  
    Versions: 1.0-M2    
    Reporter: Aaron Mulder


A security realm may provide any principal types it likes -- it does need need to use "users" and "groups".  What is the meaning of getUserPrincipal or getGroupPrincipal for a realm that provides principals of type "favorite color" or "country" or "automobile" or something else?  Also, not all security realms will be able to accomodate generalized regular expressions (it doesn't map well to SQL, for example, though Oracle 10g has some features along those lines).

What would be really helpful would be for each realm to provide a list of the principal classes it provides, and then a list of available principal names for each class.  This would let a deploy tool present a drop-down of principal classes, and then once selected, a drop-down of avaialble principals for role mapping.  I suggest something like:

/**
 * Gets the principal classes used by this realm
 */
public String[] getPrincipalClassNames();

/**
 * Gets the names of all the principals in the specified
 * principal class.  Should return null if the list of
 * principals is not available, or is too large to reasonably
 * present to a deployer in a pick list.
 */
public String[] getPrincipalNames(String className);


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira

[jira] Resolved: (GERONIMO-410) Revise SecurityRealm getUserPrincipals/getGroupPrincipals

Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.

     [ http://nagoya.apache.org/jira/browse/GERONIMO-410?page=history ]
     
Aaron Mulder resolved GERONIMO-410:
-----------------------------------

     Resolution: Fixed
    Fix Version: 1.0-M4

Add DeploymentSupport interface in place of getters on the realm.  Now handles arbitrary principal classes instead of only "groups" and "users".

> Revise SecurityRealm getUserPrincipals/getGroupPrincipals
> ---------------------------------------------------------
>
>          Key: GERONIMO-410
>          URL: http://nagoya.apache.org/jira/browse/GERONIMO-410
>      Project: Apache Geronimo
>         Type: Improvement
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>      Fix For: 1.0-M4

>
> A security realm may provide any principal types it likes -- it does need need to use "users" and "groups".  What is the meaning of getUserPrincipal or getGroupPrincipal for a realm that provides principals of type "favorite color" or "country" or "automobile" or something else?  Also, not all security realms will be able to accomodate generalized regular expressions (it doesn't map well to SQL, for example, though Oracle 10g has some features along those lines).
> What would be really helpful would be for each realm to provide a list of the principal classes it provides, and then a list of available principal names for each class.  This would let a deploy tool present a drop-down of principal classes, and then once selected, a drop-down of avaialble principals for role mapping.  I suggest something like:
> /**
>  * Gets the principal classes used by this realm
>  */
> public String[] getPrincipalClassNames();
> /**
>  * Gets the names of all the principals in the specified
>  * principal class.  Should return null if the list of
>  * principals is not available, or is too large to reasonably
>  * present to a deployer in a pick list.
>  */
> public String[] getPrincipalNames(String className);

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira

[jira] Closed: (GERONIMO-410) Revise SecurityRealm getUserPrincipals/getGroupPrincipals

Posted by "Dain Sundstrom (JIRA)" <de...@geronimo.apache.org>.

     [ http://issues.apache.org/jira/browse/GERONIMO-410?page=all ]
     
Dain Sundstrom closed GERONIMO-410:
-----------------------------------


> Revise SecurityRealm getUserPrincipals/getGroupPrincipals
> ---------------------------------------------------------
>
>          Key: GERONIMO-410
>          URL: http://issues.apache.org/jira/browse/GERONIMO-410
>      Project: Geronimo
>         Type: Improvement
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>      Fix For: 1.0-M4

>
> A security realm may provide any principal types it likes -- it does need need to use "users" and "groups".  What is the meaning of getUserPrincipal or getGroupPrincipal for a realm that provides principals of type "favorite color" or "country" or "automobile" or something else?  Also, not all security realms will be able to accomodate generalized regular expressions (it doesn't map well to SQL, for example, though Oracle 10g has some features along those lines).
> What would be really helpful would be for each realm to provide a list of the principal classes it provides, and then a list of available principal names for each class.  This would let a deploy tool present a drop-down of principal classes, and then once selected, a drop-down of avaialble principals for role mapping.  I suggest something like:
> /**
>  * Gets the principal classes used by this realm
>  */
> public String[] getPrincipalClassNames();
> /**
>  * Gets the names of all the principals in the specified
>  * principal class.  Should return null if the list of
>  * principals is not available, or is too large to reasonably
>  * present to a deployer in a pick list.
>  */
> public String[] getPrincipalNames(String className);

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira