On Jun 10, 2005, at 10:26 AM, Michael Malgeri wrote:
Got a couple of security related questions:
1. �In the following snippet from thej2ee-secure-plan.xml file one of
possibly many login modules (which are connected by a reference tag)
are associated with the realm and the other block that appear above
the realm
<gbean name="demo-properties-login"
class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
� � � � <attribute name="controlFlag">REQUIRED</attribute>
� � � � <reference name="LoginModule">
� � � � � � <name>demo-properties-login</name>
� � � � </reference>
� � </gbean>
Each login module has a Flag, which I see in this case is "REQUIRED"
But shouldn't each login module have the ability to take "options",
which I don't see
Is there an "options"attribute? I know there is an "options" attribute
in the "LoginModuleGBean" that this block is associate with, but what
do you do in the case when there are multiple login modules, i.e.
multiple JaasLoginModuleUse gbeans and they each can have options?
2. �In a standard JAAS config file, there are "Application blocks"
that contain groups of login modules. it looks something like
App1{
Class Flag Options;
�Class Flag Options: etc}.
where each �"Class" , "Flag" and "Options" is for each login module
"What" tag/artifact/THING in the j2ee-secure-plan.xml file corresponds
to "App1" in the preceeding block ?
lets see if I can answer both questions at once, or if I just confuse
things further.
Each line Class Flag Options from (2) corresponds to a LoginModuleGbean
in geronimo, except we take out the flag.
Each App1 corresponds to a GenericSecurityRealm gbean.
We let you reuse a configured login module for several security realms.
Each GenericSecurityRealm gets a reference to a linked list of
LoginModuleUse gbeans, which supplies the order of login modules and
the Flag for each login module as used in the GenericSecurityRealm. It
may not be obvious from the j2ee-secure-plan but LoginModuleUse has a
reference to a next LoginModuleUse.
The examples in openejb have an alternate xml syntax that is much
clearer but I'm not sure it is completely approved by everyone.
thanks
david jencks
Michael Malgeri
Mgr Gluecode Client Technical Services
PHONE: 310-536-8355 x 14
FAX: 310-536-9062
CELLULAR: 310-704-6403
