Oleg Nitz wrote:
> <bla>
> You can have multiple application entries in auth.conf,
> say entry1, entry2,..., they would be referenced in jboss.xml as
> jaas/entry1, jaas/entry2, etc. These names are bound to JNDI
> dynamically: deployer tries to resolve "jaas/entry1", JNDI finds name
> "jaas", which refers to JaasSecurityManagerService and asks it to
> return the Context, then performs lookup("entry1") in the returned
> context. Thus, the EJBSecurityManager/RealmMapping instances are
> created lazily.
> <bla>
Ahhh, thanks, got it!
Now it seems we've got a basically working security layer :-)
But of course there are a lot of things left to do:
1. Documentation
Oleg, do you already have something like that? If so, could you forward
it?
2. the SecurityAssociation
... on the client side works globally (static). To follow the idea of JAAS,
it should work thread-based, so the principal/credential should be
ThreadLocal on the client side too.
Furthermore, I would suggest taking the principal/credential information
somehow from the Subject that is currently executing the thread, and not
putting it into a static place from within the LoginModule. I don't know
yet how Tomcat works with that, but I will have a look at it right now.
3. JRMP over SSL?
\Daniel
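
Point 2 of the message above, as an added example that is not part of the original message and is not JBoss code: a per-thread holder for principal and credential, contrasted with a single static slot shared by every client thread. The class name `ThreadSecurityAssociation` and its methods are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Arrays;

// Hypothetical sketch (assumed names); not the JBoss SecurityAssociation class.
public final class ThreadSecurityAssociation {
    // One slot per thread: an identity set on thread A is invisible to thread B.
    private static final ThreadLocal<Principal> PRINCIPAL = new ThreadLocal<>();
    private static final ThreadLocal<char[]> CREDENTIAL = new ThreadLocal<>();

    private ThreadSecurityAssociation() {}

    public static void set(Principal principal, char[] credential) {
        PRINCIPAL.set(principal);
        // Copy so the caller can wipe its own array without affecting ours.
        CREDENTIAL.set(credential == null ? null : credential.clone());
    }

    public static Principal getPrincipal() { return PRINCIPAL.get(); }

    public static char[] getCredential() {
        char[] c = CREDENTIAL.get();
        return c == null ? null : c.clone();
    }

    // Call when the invocation ends: a pooled thread would otherwise carry
    // the previous caller's identity into the next unit of work.
    public static void clear() {
        char[] c = CREDENTIAL.get();
        if (c != null) Arrays.fill(c, '\0');
        PRINCIPAL.remove();
        CREDENTIAL.remove();
    }

    // Constructed demo: two threads, two identities, no cross-talk.
    public static void main(String[] args) throws InterruptedException {
        set(() -> "alice", "constructed-secret".toCharArray());
        String[] seenByWorker = new String[2];
        Thread worker = new Thread(() -> {
            seenByWorker[0] = String.valueOf(getPrincipal()); // no identity inherited from main
            set(() -> "bob", null);
            seenByWorker[1] = getPrincipal().getName();
            clear();
        });
        worker.start();
        worker.join();
        System.out.println("worker before set: " + seenByWorker[0]);
        System.out.println("worker after set:  " + seenByWorker[1]);
        System.out.println("main still sees:   " + getPrincipal().getName());
        clear();
    }
}
```

With a plain static field in place of the two `ThreadLocal` slots, the worker's `set` would overwrite the identity the main thread reads afterwards.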