On Mon, 22 Nov 2004, Jeff Genender wrote:
> This is good...this should get the raw Tomcat JAASRealm to work for
> authorization. I just coded up a special JAASTomcatRealm that called
> the ContextManager.getServerSideSubject and now I can ditch it since it
> looks like the JaasLoginCoordinator is populating the subject.
I'm not sure you're right -- the JAASTomcatRealm should be using
RealmPrincipals, which are not currently returned. I need to talk this
over with Alan:
Alan D. Cabrera wrote:
> I think that we should return the realm principals as well for all the
> same reasons that we have realm principals in the first place.
Last time we talked you wanted to return everything except the
RealmPrincipals... why the change of heart?
What if we change the JaasLoginCoordinator to load the
RealmPrincipals if it is used within the same JVM as the server, but not
if it connects over the network? That may be the best balance of "give
other server components what they need" and "don't expose Geronimo
security internals to clients".
Aaron