On Friday 15 December 2000 02:40, Scott M Stark wrote:
> Hi Oleg, I'm going to breakup my followup comments across a couple mails to
> reduce the signal to noise ratio.
>
> > > > Principal for EJB security should contain a set of roles as its
> > > > attribute.
> > >
> > > Here I don't agree. The roles are a subset of the Principals associated
> > > with the Subject executing the EJB.
> >
> > New mapping "EJB security -> JAAS" was born.
>
> I agree with this change, but JAAS is Subject based, not Principal based.
> My view of JAAS is that the Subject is the key object and its contains one
> or more Principals + public/private creditials. Principals are not smart
> objects. They are strings, X509 certs, etc. They can only compare agaist
> each other and give you a string name.
Let's read JAAS notions definitions rather than look at common examples.
Otherwise the task of "EJB security -> JAAS" mapping can't be solved.
If Principals are string, Public Credentials are public keys and Private
Credentials are private keys, then we should just give up.
> > Okay, how do you define to which security view the given
> > Principal-principal or Principal-role belongs?
> > Either we need Principal.getSecurityView() method, i.e. we go outside of
> > the public interfaces, or we need different classes for different
> > security views, which is in general acceptable, but kills the idea of
> > parameterized class which serves to several security views.
> >
> > > Neither Subject nor Principal support
> > > the notion of attributes so you would have to go outside of the public
> > > interfaces to implement this.
> >
> > This is what Edward proposes.
>
> I'm not clearly understanding what you mean by a security view. In the
> current architecture The JaasSecurityManager handles the
> securityManager.isValid( principal, credential )
> realmMapping.doesUserHaveRole( principal, methodPermissions )
> calls made by the SecurityInterceptor and uses the beanName as the
> LoginContext name. Is the beanName the security view?
In general no.
This term is from Security section of EJB specifications were the general
intentions of EJB security model are described.
Security view is a set of EJB roles with some business/security
interpetation, I'm not sure about the exact wording.
It is recommended to use one such set throughout one EJB application, where
EJB application is a set of beans, probably from one ear file.
Of course, the security view can be used for several ear files, but in
general not for all.
In JBoss the security view corresponds to RealmMapping instance which is
referenced by role-mapping-manager element in jboss.xml (or
standardjboss.xml).
If we have one Subject and multiple security views, we need a way to extract
the bean principal and the set of roles for the particular bean.
If we have one Subject per security view (the current model), then we can
easily use your idea and move the set of roles from the set of
PublicCredentials to the set of Principals.
Oleg
