Hey Christian,

I am not sure *if* that's really a good direction. I haven't seen an option like this before in other JAAS module implementations, but I may have a limited view of this. A proper way to do that with JAAS is to use control flags like required, sufficient or optional. That's how JAAS overall was designed. If you really need additional principals attached to the subject, you can add them in the certificate login module/code, can't you?

Best regards,
Łukasz

On Monday, 4 March 2013, Christian Schneider wrote:

> I have created an issue to introduce a suitable switch to skip
> authentication.
>
> https://issues.apache.org/jira/browse/KARAF-2219
>
> Christian
>
> On 04.03.2013 13:19, Guillaume Nodet wrote:
>
>> The authentication part is already switchable, you can have a custom login
>> module which will just return true without doing any real authentication.
>> However, that's kind of a security breach if you put it by default. So you
>> need to make sure that is only done in a custom jaas configuration which is
>> not used by the container itself for security.
>>
>> On Mon, Mar 4, 2013 at 12:25 PM, Christian Schneider
>> <ch...@die-schneider.net> wrote:
>>
>>> On 04.03.2013 12:11, Guillaume Nodet wrote:
>>>
>>>> Shouldn't STS delegate certificate authentication to the underlying JAAS
>>>> system ?
>>>
>>> I also thought about this but at the moment STS uses policies to define
>>> the auth method. So ws-security automatically kicks in. Of course we could
>>> use a custom validator that delegates to JAAS. In this case we would have
>>> to define a way to forward all credentials to JAAS (like Certificate and
>>> Signature).
>>>
>>> Independent of this possibility what do you think about making the
>>> authentication part switchable? I think this could help for other cases too
>>> where e.g. you want to authenticate using ldap but have roles in a db or
>>> similar.
>>>
>>> Christian
>>>
>>> --
>>> Christian Schneider
>>> http://www.liquid-reality.de
>>>
>>> Open Source Architect
>>> http://www.talend.com
>
> --
> Christian Schneider
> http://www.liquid-reality.de
>
> Open Source Architect
> http://www.talend.com
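
Added example (not part of the thread and not Karaf code): a JAAS stack that uses the control flags mentioned above, with an authenticating module marked REQUIRED and a roles-only module marked OPTIONAL, so the module that "just returns true" can add principals but cannot let a login through on its own. CertModule, RolesModule, the "valid" option and the "role:admin" name are hypothetical stand-ins.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class ControlFlagDemo {
    /** Shared no-op plumbing for the two hypothetical modules below. */
    public abstract static class Base implements LoginModule {
        protected Subject subject; protected Map<String, ?> opts;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) { subject = s; opts = o; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    /** Stand-in for certificate validation; the "valid" option simulates the outcome. */
    public static class CertModule extends Base {
        public boolean login() throws LoginException {
            if (!"true".equals(opts.get("valid"))) throw new FailedLoginException("certificate rejected");
            return true;
        }
    }
    /** Authenticates nothing; only contributes a role principal at commit time. */
    public static class RolesModule extends Base {
        public boolean login() { return true; }
        @Override public boolean commit() {
            subject.getPrincipals().add((Principal) () -> "role:admin");
            return true;
        }
    }
    static Subject login(String certValid) throws LoginException {
        AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(CertModule.class.getName(), LoginModuleControlFlag.REQUIRED, Map.of("valid", certValid)),
            new AppConfigurationEntry(RolesModule.class.getName(), LoginModuleControlFlag.OPTIONAL, Map.of())
        };
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        LoginContext lc = new LoginContext("demo", new Subject(), null, cfg);
        lc.login(); // throws if the REQUIRED module failed, whatever the OPTIONAL one returned
        return lc.getSubject();
    }
    public static void main(String[] args) throws LoginException {
        System.out.println("valid cert -> " + login("true").getPrincipals().size() + " principal(s)");
        try { login("false"); System.out.println("unexpected: logged in"); }
        catch (LoginException e) { System.out.println("bad cert -> rejected: " + e.getMessage()); }
    }
}
```

When the REQUIRED module fails, LoginContext still calls the remaining modules' login() but then aborts the whole stack, so RolesModule.commit() never runs and no role principal is attached.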