OK, now I think I got it.
One final two-part question...hopefully.
There is a one-to-one association between a LoginModuleGBean gbean and a JaasLoginModuleUse gbean, correct?
Which property reference ties the two together?
Is the following
<gbean name="demo-properties-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
tied to the "name" property of this
<gbean name="demo-properties-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
or to the following reference of the same JaasLoginModuleUse gbean
<reference name="LoginModule">
<name>demo-properties-login</name>
</reference>
or something else?
Much appreciated
Michael Malgeri
Mgr Gluecode Client Technical Services
PHONE: 310-536-8355 x 14
FAX: 310-536-9062
CELLULAR: 310-704-6403
David Jencks <[EMAIL PROTECTED]>
06/10/2005 04:35 PM
On Jun 10, 2005, at 11:26 AM, Michael Malgeri wrote:
>
> OK, so App1, in the standard jaas.config block, would correspond to a
> LoginModuleGbean as you stated. Thanks for clearing that up.
No!!
App1 corresponds to a GenericSecurityRealm which has a list of login
modules (via the LoginModuleUse gbeans)
>
> In a business application, would it be correct to say that "App1"
> might/should be named something like "Human_Resources_App" as opposed
> to "demo-properties-login"? I realize it has to be named "something"
> in the plan shipped with the distribution so "demo-properties-login"
> is OK. I'm just trying to clarify the concepts in my mind.
yes.
>
> If I'm correct then the "Human_Resource_App", as a basic composite
> application, may require multiple authentications to say a properties
> file for one part of its functionality, a sql database for another
> part and an ldap server for yet another part. Each of these logins
> would be handled by a separate login module, correct?
yes.
>
> So the one thing that is still unclear is the fact that each login
> module, which are JaasLoginModuleUse beans linked together, can have
> their own separate set of options. The standard jaas.config file has a
> 1 to many relationship between "App1" and login modules but I think
> you're suggesting below there's a one to one relationship, unless I'm
> reading it wrong.
LoginModuleGBeans have the login module class and the options.
GenericSecurityRealm has an (ordered) list of (login module gbean +
option). Right now these take the slightly awkward form of a linked
list of LoginModuleUse gbeans.
Hope this is a little clearer.
thanks
david jencks
>
> m
>
> David Jencks <[EMAIL PROTECTED]>
> 06/10/2005 10:45 AM
> Please respond to: dev
> To: [email protected]
> Subject: Re: Security Config File questions
>
> On Jun 10, 2005, at 10:26 AM, Michael Malgeri wrote:
>
> >
> > Got a couple of security related questions:
> >
> > 1. In the following snippet from the j2ee-secure-plan.xml file one of
> > possibly many login modules (which are connected by a reference tag)
> > are associated with the realm and the other block that appear above
> > the realm
> >
> > <gbean name="demo-properties-login"
> > class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
> > <attribute name="controlFlag">REQUIRED</attribute>
> > <reference name="LoginModule">
> > <name>demo-properties-login</name>
> > </reference>
> > </gbean>
> >
> > Each login module has a Flag, which I see in this case is "REQUIRED".
> > But shouldn't each login module have the ability to take "options",
> > which I don't see?
> > Is there an "options" attribute? I know there is an "options" attribute
> > in the "LoginModuleGBean" that this block is associated with, but what
> > do you do in the case when there are multiple login modules, i.e.
> > multiple JaasLoginModuleUse gbeans and they each can have options?
> >
> > 2. In a standard JAAS config file, there are "Application blocks"
> > that contain groups of login modules. It looks something like
> >
> > App1{
> > Class Flag Options;
> > Class Flag Options: etc}.
> >
> > where each "Class" , "Flag" and "Options" is for each login module
> >
> > "What" tag/artifact/THING in the j2ee-secure-plan.xml file corresponds
> > to "App1" in the preceding block?
>
> Let's see if I can answer both questions at once, or if I just confuse
> things further.
>
> Each line Class Flag Options from (2) corresponds to a LoginModuleGbean
> in geronimo, except we take out the flag.
>
> Each App1 corresponds to a GenericSecurityRealm gbean.
>
> We let you reuse a configured login module for several security realms.
> Each GenericSecurityRealm gets a reference to a linked list of
> LoginModuleUse gbeans, which supplies the order of login modules and
> the Flag for each login module as used in the GenericSecurityRealm. It
> may not be obvious from the j2ee-secure-plan but LoginModuleUse has a
> reference to a next LoginModuleUse.
>
> The examples in openejb have an alternate xml syntax that is much
> clearer but I'm not sure it is completely approved by everyone.
>
> thanks
> david jencks
>
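
Added example, not part of the original thread and not Geronimo code: a small Python model of the mapping discussed above, where each JAAS application block becomes a realm holding the head of a linked list of "login module use" entries (flag, module reference, next), and each distinct class-plus-options pair becomes one reusable login module. The class names LoginModule and LoginModuleUse, the sample config and the com.example module classes are hypothetical stand-ins for the gbeans named in the thread.

```python
import re
from dataclasses import dataclass
# Constructed sample in standard JAAS syntax; the class names are made up.
JAAS_CONFIG = """
Human_Resources_App {
    com.example.PropertiesLoginModule REQUIRED usersURI="users.properties";
    com.example.SqlLoginModule OPTIONAL jdbcURL="jdbc:hr";
};
Payroll_App { com.example.PropertiesLoginModule SUFFICIENT usersURI="users.properties"; };
"""
FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}

@dataclass(frozen=True)
class LoginModule:        # plays the LoginModuleGBean role: class + options
    class_name: str
    options: tuple

@dataclass
class LoginModuleUse:     # plays the JaasLoginModuleUse role: flag + links
    control_flag: str
    login_module: LoginModule
    next_use: "LoginModuleUse | None" = None

def parse(text):
    """Map each block to the head of its chain (values: no spaces, ';', '}')."""
    modules, realms = {}, {}
    for name, body in re.findall(r"([\w.-]+)\s*\{(.*?)\}\s*;", text, re.S):
        head = tail = None
        for entry in filter(None, (e.strip() for e in body.split(";"))):
            cls, flag, *opts = entry.split()
            if flag.upper() not in FLAGS:
                raise ValueError(f"{name}: unknown control flag {flag!r}")
            key = (cls, tuple(sorted(opts)))
            module = modules.setdefault(key, LoginModule(*key))  # shared
            use = LoginModuleUse(flag.upper(), module)
            if tail is not None:
                tail.next_use = use
            head, tail = head or use, use
        if head is None:  # a realm with no modules must not be accepted
            raise ValueError(f"{name}: no login modules configured")
        realms[name] = head
    return realms

def chain(use):
    """Yield (class, flag) pairs in the order the realm consults them."""
    while use is not None:
        yield use.login_module.class_name, use.control_flag
        use = use.next_use
```

In this model the flag lives on the use entry rather than on the module, which is why the same properties module can be REQUIRED in one realm and SUFFICIENT in another.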
