At JavaOne I discussed some issues with Alan about our current login
system and wrapping principals. At the time I was sure I understood
how our current code works but after reviewing it I'm not so sure any
more :-)

Anyway, IIUC we agreed that:

- the security/permissions mapping system should work with both wrapped
  and unwrapped principals
- if a login module is going to have its principals wrapped, it will be
  supplied a new, empty subject. The principals the lm adds will be
  copied to the "real" subject and wrapped principals for each of these
  principals will be added. This avoids the problem that if two lms add
  exactly the same principal it is impossible to tell which one added it
  to the set of principals in the subject. (At the time I was sure that
  this "new subject" feature wasn't there, but after looking at the code
  I can't tell.)
- if a login module is not going to have its principals wrapped, it will
  get the "real" subject. This is useful for auditing lms, and various
  kinds of principal/credential mapping schemes as may be needed for
  connectors and web service identity propagation.

This is going to require a new flag "wrapPrincipals" which I guess
should go in the LoginModuleUse together with the
REQUIRED/OPTIONAL/SUFFICIENT/... flag.

As a side note, I find the login code almost impossible to understand,
and I hope we can find some way to comment and/or reorganize it so what
it does is easier to figure out from the code. As far as I can tell
what it does is really powerful and useful, and I think if it was more
accessible it would be used more to good effect.
Many thanks
david jencks
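
The wrapping scheme described in the message above, sketched as an added example (not code from the original post or from the project it discusses). `WrappedPrincipal`, `User`, `FixedModule`, `run` and the module names "ldap" and "file" are hypothetical, and only the standard JAAS `Subject` and `LoginModule` types are assumed; records need Java 16 or later.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class WrapDemo {
    // Hypothetical wrapper: records which login module contributed a principal.
    record WrappedPrincipal(String loginModuleName, Principal inner) implements Principal {
        public String getName() { return loginModuleName + ":" + inner.getName(); }
    }
    // Constructed principal type; record equality makes two "alice" instances equal.
    record User(String name) implements Principal {
        public String getName() { return name; }
    }
    // Constructed login module that always contributes the principal "alice".
    static class FixedModule implements LoginModule {
        private Subject subject;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { subject.getPrincipals().add(new User("alice")); return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Runs one module; wrapPrincipals mirrors the flag proposed in the message.
    static void run(String name, LoginModule lm, boolean wrapPrincipals, Subject real) throws LoginException {
        // A wrapped module gets a new, empty subject; an unwrapped one gets the real subject.
        Subject target = wrapPrincipals ? new Subject() : real;
        lm.initialize(target, null, Map.of(), Map.of());
        if (!lm.login() || !lm.commit()) return;
        if (wrapPrincipals) {
            for (Principal p : target.getPrincipals()) {
                real.getPrincipals().add(p);                            // plain principal
                real.getPrincipals().add(new WrappedPrincipal(name, p)); // attributed copy
            }
        }
    }

    public static void main(String[] args) throws LoginException {
        Subject real = new Subject();
        run("ldap", new FixedModule(), true, real);
        run("file", new FixedModule(), true, real);
        // The set holds one plain "alice" plus one wrapper per contributing module.
        real.getPrincipals().forEach(System.out::println);
    }
}
```

Because the principal set deduplicates equal principals, the plain "alice" appears once, and the two wrappers are what preserve which module asserted it.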