[ http://nagoya.apache.org/jira/browse/GERONIMO-424?page=history ]
Alan Cabrera reassigned GERONIMO-424:
-------------------------------------

    Assign To: Aaron Mulder  (was: Alan Cabrera)

> ConfigurationEntry support for multiple LoginModules
> ----------------------------------------------------
>
>          Key: GERONIMO-424
>          URL: http://nagoya.apache.org/jira/browse/GERONIMO-424
>      Project: Apache Geronimo
>         Type: Improvement
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Assignee: Aaron Mulder
>
> The abstract class ConfigurationEntry has support for returning multiple
> LoginModules (or more accurately, an array of AppConfigurationEntry's).
> However, none of the concrete implementations allow this.
> It's a required feature in order for the
> CallerIdentityUserPasswordRealmBridge to work, because that needs the
> password to be put in the private credential set. Currently we have one set
> of login modules that actually authenticate you, and a different LoginModule
> that populates the private credential set. In order to get both behaviors,
> you need to load both LoginModules, but currently the available
> ConfigurationEntries can't be configured for that.
> A problem is that the ConfigurationEntry gets its data from a SecurityRealm,
> and the SecurityRealm can only return a single AppConfigurationEntry (or
> LoginModule). It doesn't make sense to me to make the new "multiple
> configuration entry" take multiple security realms as its input. In concept,
> you want one security realm with two login modules.
> So I think the change has to start by allowing a SecurityRealm to return
> multiple AppConfigurationEntry values.
> Then we need the configuration syntax for the standard security realm GBeans
> to change so that they can take multiple login modules, including the options
> and control flags for each. Like, you might want to use a vanilla
> SQLSecurityRealm, but have it add a GeronimoPasswordCredentialLoginModule (or
> a hypothetical AuditTrailLoginModule) in addition to its standard LoginModule.
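The "one realm, two login modules" arrangement the issue asks for, as an added example in plain JAAS (`javax.security.auth`); it is not Geronimo code and not part of the original message. The class names `AuthModule`, `CredentialModule` and `Base`, the realm name `demo-realm` and the password are hypothetical, constructed for the demonstration.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class TwoModuleRealmDemo {
    /** Shared plumbing for both modules (hypothetical helper). */
    public abstract static class Base implements LoginModule {
        Subject subject; CallbackHandler handler; Map<String, Object> shared;
        @SuppressWarnings("unchecked")
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> opts) {
            subject = s; handler = h; shared = (Map<String, Object>) sh;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    /** Authenticates the caller and leaves the password in JAAS shared state. */
    public static class AuthModule extends Base {
        public boolean login() throws LoginException {
            PasswordCallback pc = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { pc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            // Constructed secret; stands in for the realm's real credential check.
            if (!Arrays.equals(pc.getPassword(), "constructed-secret".toCharArray()))
                throw new FailedLoginException("bad password");
            shared.put("javax.security.auth.login.password", pc.getPassword());
            return true;
        }
    }
    /** Authenticates nothing; on commit, copies the password into the private credential set. */
    public static class CredentialModule extends Base {
        public boolean login() { return true; }
        public boolean commit() {
            return subject.getPrivateCredentials().add(shared.get("javax.security.auth.login.password"));
        }
    }
    public static void main(String[] args) throws LoginException {
        Configuration oneRealmTwoModules = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { // each entry has its own control flag and options
                    new AppConfigurationEntry(AuthModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()),
                    new AppConfigurationEntry(CredentialModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap<String, Object>()) };
            }
        };
        Subject subject = new Subject();
        CallbackHandler h = cbs -> ((PasswordCallback) cbs[0]).setPassword("constructed-secret".toCharArray());
        new LoginContext("demo-realm", subject, h, oneRealmTwoModules).login();
        System.out.println("private credentials: " + subject.getPrivateCredentials().size());
    }
}
```

Because the authenticating module is `REQUIRED`, a wrong password fails the whole login and no module's `commit()` runs, so the credential-populating module never stores a password for an unauthenticated caller.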