On Jul 1, 2005, at 6:02 PM, David Jencks wrote:
At JavaOne I discussed some issues with Alan about our current
login system and wrapping principals. At the time I was sure I
understood how our current code works but after reviewing it I'm
not so sure any more :-)
Anyway, IIUC we agreed that:
- the security/permissions mapping system should work with both
  wrapped and unwrapped principals
- if a login module is going to have its principals wrapped, it will
  be supplied a new, empty subject. The principals the lm adds will
  be copied to the "real" subject and wrapped principals for each of
  these principals will be added. This avoids the problem that if
  two lms add exactly the same principal it is impossible to tell
  which one added it to the set of principals in the subject. (at
  the time I was sure that this "new subject" feature wasn't there,
  but after looking at the code I can't tell).
- if a login module is not going to have its principals wrapped, it
  will get the "real" subject. This is useful for auditing lms, and
  various kinds of principal/credential mapping schemes as may be
  needed for connectors and web service identity propagation.
This is going to require a new flag "wrapPrincipals" which I guess
should go in the LoginModuleUse together with the REQUIRED/OPTIONAL/
SUFFICIENT/... flag.

+0 I don't really understand the security code, but this sounds
reasonable

As a side note, I find the login code almost impossible to
understand, and I hope we can find some way to comment and/or
reorganize it so what it does is easier to figure out from the
code. As far as I can tell what it does is really powerful and
useful, and I think if it was more accessible it would be used more
to good effect.

+100000000000000000000000000
One day I would like to understand the security code :)
-dain
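
The wrapping scheme discussed in this thread, sketched as an added example; it is not code from the project or from either participant. `NamePrincipal`, `WrappedPrincipal`, `Lm` and `run` are hypothetical names, only `Subject` and `Principal` are the standard JAAS types, and Java 16+ is assumed for records.

```java
import java.security.Principal;
import javax.security.auth.Subject;

public class WrapPrincipalsDemo {
    // Hypothetical plain principal, standing in for what a login module adds.
    record NamePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical wrapper that records which login module contributed the principal.
    record WrappedPrincipal(String loginModule, Principal inner) implements Principal {
        public String getName() { return loginModule + ":" + inner.getName(); }
    }

    // Hypothetical stand-in for a login module: it only touches the subject it is handed.
    interface Lm { void commit(Subject s); }

    static void run(Subject real, String lmName, boolean wrapPrincipals, Lm lm) {
        if (!wrapPrincipals) {            // unwrapped: the module works on the real subject
            lm.commit(real);
            return;
        }
        Subject scratch = new Subject();  // wrapped: the module gets a new, empty subject
        lm.commit(scratch);
        for (Principal p : scratch.getPrincipals()) {
            real.getPrincipals().add(p);                                // copy to the real subject
            real.getPrincipals().add(new WrappedPrincipal(lmName, p));  // plus an attributed wrapper
        }
    }

    public static void main(String[] args) {
        Subject real = new Subject();
        Lm addsAlice = s -> s.getPrincipals().add(new NamePrincipal("alice"));
        run(real, "ldap", true, addsAlice);
        run(real, "file", true, addsAlice);

        // The principal Set keeps a single plain principal for both modules;
        // the wrappers stay distinct, so each contribution is attributable.
        System.out.println(real.getPrincipals(NamePrincipal.class));
        for (WrappedPrincipal w : real.getPrincipals(WrappedPrincipal.class)) {
            System.out.println(w.getName());
        }

        // An unwrapped module (for example an auditing one) sees the real subject as it stands.
        run(real, "audit", false, s -> System.out.println(s.getPrincipals().size()));
    }
}
```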