Richard Wallace wrote:
Hey guys,
I've been working with Larry on a AAA (Authentication/Authorization/Auditing) framework for cornerstone. One of the things that we're discussing is if we should have support for multiple Realms similar to the way PAM and JAAS have multiple LoginModules. I'm thinking that it would be similar in function to the way JAAS does it, but alleviates the need for relying on the JAAS API and creating a JAASRealm that would have to be used to get this feature.
I have two questions about this, I guess: 1) Does this sound like a feature people would be interested in? If there isn't a lot of need for it we'll put it on the back burner and maybe write an implementation later that will support it.
Yes, I'm iunterested in seeing multiple realms.
2) We're deciding that (at least within phoenix) Realms will be
configured and provided to the Authenticator as blocks.
+1 (and I'm assuming when you say block, you actually mean a component + meta-info .. which is equivalent to the notion of a block)
So, if we
decide to support multiple realms how do we provide multiple components
that implement the same role (in this case Realm) to a Serviceable
component? Or would that not be the right interface to implement?
Yes and no. Some possible approaches:
1. Create an Authenticator component that has a dependecy of a RealmSet component. The RealSet establishes the realms using whatever implementation magic it likes (via configuration info, via dynamic lookup of available realms in a directory or file-system, etc). The kernel will supply the RealmSet to the Authenticator based on the dependecies you declare.
2. If is a pure Phoenix environment, then you could use a block listener aggregate the set of realms and wire these to the Authenticator.
My preference would be for option 1.
What, other than Serviceable, should it become to accomplish this?
Serviceable is what you should be using if you declare dependecies - the quetion is - are yuou declaring a dependecy on a single realm, or a component that enables you to select one or more realms.
Cheers, Steve.
--
Stephen J. McConnell
OSM SARL digital products for a global economy mailto:[EMAIL PROTECTED] http://www.osm.net
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
