[ http://nagoya.apache.org/jira/browse/GERONIMO-424?page=history ]

Alan Cabrera reassigned GERONIMO-424:
-------------------------------------

    Assign To: Aaron Mulder  (was: Alan Cabrera)

> ConfigurationEntry support for multiple LoginModules
> ----------------------------------------------------
>
>          Key: GERONIMO-424
>          URL: http://nagoya.apache.org/jira/browse/GERONIMO-424
>      Project: Apache Geronimo
>         Type: Improvement
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Assignee: Aaron Mulder
>
> The abstract class ConfigurationEntry has support for returning multiple 
> LoginModules (or more accurately, an array of AppConfigurationEntry's).  
> However, none of the concrete implementations allow this.
> It's a required feature in order for the 
> CallerIdentityUserPasswordRealmBridge to work, because that needs the 
> password to be put in the private credential set.  Currently we have one set 
> of login modules that actually authenticate you, and a different LoginModule 
> that populates the private credential set.  In order to get both behaviors, 
> you need to load both LoginModules, but currently the available 
> ConfigurationEntries can't be configured for that.
> A problem is that the ConfigurationEntry gets its data from a SecurityRealm, 
> and the SecurityRealm can only return a single AppConfigurationEntry (or 
> LoginModule).  It doesn't make sense to me to make the new "multiple 
> configuration entry" take multiple security realms as its input.  In concept, 
> you want one security realm with two login modules.
> So I think the change has to start by allowing a SecurityRealm to return 
> multiple AppConfigurationEntry values.
> Then we need the configuration syntax for the standard security realm GBeans 
> to change so that they can take multiple login modules, including the options 
> and control flags for each.  Like, you might want to use a vanilla 
> SQLSecurityRealm, but have it add a GeronimoPasswordCredentialLoginModule (or 
> a hypothetical AuditTrailLoginModule) in addition to its standard LoginModule.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira
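
The "one security realm with two login modules" arrangement described in the issue, sketched with the standard JAAS API as an added example (not Geronimo code and not part of the issue). The class names, the realm name "demo-realm" and the password are hypothetical stand-ins: one module authenticates, the other only populates the private credential set.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class StackedRealmDemo {
    // Shared base (hypothetical): reads the password via callbacks; subclasses decide what to do with it.
    public abstract static class Base implements LoginModule {
        protected Subject subject; protected char[] password; private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            PasswordCallback pc = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { pc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            password = pc.getPassword();
            return check();
        }
        protected boolean check() throws LoginException { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // Hypothetical authenticating module, standing in for the realm's standard LoginModule.
    public static class AuthModule extends Base {
        protected boolean check() throws LoginException {
            if (!Arrays.equals(password, "s3cret".toCharArray())) throw new FailedLoginException("bad password");
            return true;
        }
    }
    // Hypothetical credential module: never authenticates; commit() runs only if the overall login succeeded.
    public static class CredentialModule extends Base {
        public boolean commit() { subject.getPrivateCredentials().add(password.clone()); return true; }
    }
    public static void main(String[] args) throws Exception {
        // One realm name maps to an array of entries, each with its own control flag and options.
        Configuration oneRealmTwoModules = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String realm) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(AuthModule.class.getName(), LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()),
                    new AppConfigurationEntry(CredentialModule.class.getName(), LoginModuleControlFlag.OPTIONAL, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler h = cbs -> { for (Callback c : cbs) if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("s3cret".toCharArray()); };
        LoginContext lc = new LoginContext("demo-realm", new Subject(), h, oneRealmTwoModules);
        lc.login();
        System.out.println("private credentials: " + lc.getSubject().getPrivateCredentials().size());
    }
}
```

Because the authenticating entry is REQUIRED, a wrong password fails the whole login and JAAS calls abort() instead of commit(), so the credential module never stores a password for an unauthenticated subject.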
