Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2007/07/10 17:36:04 UTC

[jira] Closed: (GERONIMO-3303) Simplify security authentication framework by removing "mixed" local/remote logins.

     [ https://issues.apache.org/jira/browse/GERONIMO-3303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-3303.
----------------------------------

    Resolution: Fixed

Committed in rev 554977.  This is likely to require little bits of additional cleanup, but I did some looking around in e.g. the testsuite plans.

> Simplify security authentication framework by removing "mixed" local/remote logins.
> -----------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3303
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3303
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.0-M6
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.0-M7
>
>
> Back at ApacheCon 2005 there was a big discussion where we decided to remove the parts of the Geronimo authentication framework that let clients run login modules on the server.  See the email from me dated Dec 23, 2005, at 6:37 PM, Geronimo Security plans (from ApacheCon).
> I've finally replaced the remote login with something using the OpenEJB protocol and removed the no longer needed code.  This is a big simplification.
> I've refactored the authentication stuff so that:
> - we still have a GeronimoLoginConfiguration
> - we can still (optionally) wrap principals to determine exactly which login module and realm they came from
> - all authentication happens in a single VM, no sneaky remoting stuff
> - we use the LoginContext to create the login modules directly from the AppConfigurationEntry[]
> - registering and unregistering the subject and inserting the identification principal is done by a login module automatically added by the GenericSecurityRealm, rather than the JaasSecuritySession
> This eliminates most of the hard-to-understand code including:
> - JaasLoginCoordinator
> - JaasSecuritySession
> - JaasLoginService
> I've also removed the subject-carrying protocol and the remoting JMX code since it isn't used.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
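
The flow the issue describes (a configuration hands the LoginContext an AppConfigurationEntry[], every module runs in the same VM, and a module appended by the realm registers the subject and adds an identification principal) can be sketched with the standard JAAS API. This is an added example, not Geronimo code: SingleVmLoginSketch, DemoModule, RegistrarModule, the REGISTRY map and the alice/s3cret account are all constructed for illustration, and the sketch assumes Java 16 or later.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class SingleVmLoginSketch {                       // every name in this file is hypothetical
    record Named(String name) implements java.security.Principal { public String getName() { return name; } }
    static final Map<String, Subject> REGISTRY = new HashMap<>();   // stand-in subject registry
    public abstract static class Base implements LoginModule {      // plumbing: each module adds one principal
        Subject subject; CallbackHandler handler; String name;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean commit() { subject.getPrincipals().add(new Named(name)); return true; }
        public boolean abort() { name = null; return true; }
        public boolean logout() { subject.getPrincipals().remove(new Named(name)); return true; }
    }
    public static class DemoModule extends Base {        // constructed realm module: accepts alice / s3cret
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("user"); PasswordCallback p = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] {n, p}); } catch (Exception e) { throw new LoginException(e.toString()); }
            boolean ok = "alice".equals(n.getName()) && Arrays.equals("s3cret".toCharArray(), p.getPassword());
            if (!ok) throw new FailedLoginException("bad credentials");
            name = n.getName(); return true;
        }
    }
    public static class RegistrarModule extends Base {   // bookkeeping module the realm appends on its own
        public boolean login() { name = "id:" + UUID.randomUUID(); return true; }
        public boolean commit() { REGISTRY.put(name, subject); return super.commit(); }  // runs only if the whole login succeeded
        public boolean logout() { REGISTRY.remove(name); return super.logout(); }
    }
    static Configuration realm(String realmModule) {     // the realm's module first, the registrar always last
        AppConfigurationEntry[] entries = {
            new AppConfigurationEntry(realmModule, LoginModuleControlFlag.REQUIRED, Map.of()),
            new AppConfigurationEntry(RegistrarModule.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of()) };
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String realmName) { return entries; } };
    }
    public static void main(String[] args) throws Exception {
        CallbackHandler handler = cbs -> { for (Callback cb : cbs) {
            if (cb instanceof NameCallback n) n.setName("alice");
            else if (cb instanceof PasswordCallback p) p.setPassword("s3cret".toCharArray()); } };
        LoginContext lc = new LoginContext("demo-realm", null, handler, realm(DemoModule.class.getName()));
        lc.login();                                      // modules are instantiated and run inside this VM
        System.out.println(lc.getSubject().getPrincipals() + " registered=" + REGISTRY.size());
        lc.logout();                                     // the registrar removes the subject again
        System.out.println("registered after logout=" + REGISTRY.size());
    }
}
```

Because the registrar does its work in commit(), a failed credential check in the realm module leaves the registry untouched.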