On Mon, 27 Dec 2004, David Jencks wrote:
> I wrote a test to verify that what I thought was happening is in fact
> happening. Only two principals are in the subject after both login
> modules have committed. See MultipleLoginDomainTest and uncomment the
> assertEquals line.
If your test is set up properly and fails, then it's a bug not a
deficiency in the strategy. I'll try to take a look at it too.
Aaron
> I think this test shows that, as it stands now, naming login modules
> provides no use in disambiguating principals. Either the different
> login modules use different principal classes, in which case you don't
> need the login domain name to tell them apart, or they use the same
> principal classes, in which case you cannot tell which modules they
> came from on the basis of the RealmPrincipals, so, again, the login
> domain name didn't help.
>
> As I mentioned earlier, the only solution I have thought of is to
> provide each named or specially marked login module with a separate
> principal and aggregate them ourselves in the JaasSecurityContext. I
> don't know what other effects this might have.
>
> thanks,
> david jencks
