This is good...this should get the raw Tomcat JAASRealm to work for authorization. I just coded up a special JAASTomcatRealm that called the ContextManager.getServerSideSubject and now I can ditch it since it looks like the JaasLoginCoordinator is populating the subject.
Aaron..good work...you beat us to the punch. I sent a patch (w/adc's help - thanks) to adc that did as you stated below because I needed it for Tomcat. I was just writing the unit tests for it ;-) Oh well...it was a good opportunity to look at the security code!
Thanks, as this is really going to help get the JAAS working in Tomcat.
Jeff
Alan D. Cabrera wrote:
I think that we should return the realm principals as well for all the same reasons that we have realm principals in the first place. Just a heads up on the context manager. I'm correnty reworking it to clean it up and include interop.
Regards,
Alan
-----Original Message----- From: Aaron Mulder [mailto:[EMAIL PROTECTED] Sent: Mon 11/22/2004 9:26 PM To: [EMAIL PROTECTED] Cc: Subject: Overview of Latest Security Changes
<snip>list o great work</snip>
I also changed the login service so it returns principals generated by server-side login modules to the client and the JaasLoginCoordinator puts them into the Subject (not RealmPrincipals, though). This is controlled by a new GBean attribute on the realm. Note that the J2EE containers will still need to call ContextManager.getServerSideSubject in order to get the RealmPrincipals -- though we may want to handle that "automagically" in the JaasLoginCoordinator when it is actually run on the server side. Finally, I added a simple auditing login module and some tests with two login modules in place. Aaron
