OK Oleg
here's my thinking which is based on both the JAAS documentation I've read
from the sun site and some common sense (gulp!).
If we assume your approach, then for Edward Kenworthy, who can log in to jBoss as Edward, has a password of EKPassword and has the roles of FinancialAdvisor and SalesManager, I would have the following object structure:
EdwardKenworthy(subject)
|
|--------->EKPassword which is for the jBossAppserver (private credential)
|--------->FinancialAdvisor, role on the jBossAppserver (public credential)
|--------->SalesManager, role on the jBossAppserver (public credential)
|
Edward(principal) a user on the jBoss Appserver
Why should the roles, which are specific to me on the appserver (e.g. the Principal), be tied to the Subject?
I think the structure should be:
EdwardKenworthy(subject)
|
Edward(principal) a user on the jBoss Appserver
|
|--------->EKPassword which is for the jBossAppserver (private credential)
|--------->FinancialAdvisor, role on the jBossAppserver (public credential)
|--------->SalesManager, role on the jBossAppserver (public credential)
The problem I have is that "subject has credentials" and "subject has principals" doesn't really support this! (Perhaps the basic model of passwords being associated with the subject is flawed; surely they should be associated with the principal in both our models?)
I've been trying to find a text that clearly differentiates between
subject/principal/credentials and explains the thinking but I haven't been
able to find one yet.
Edward
-----Original Message-----
From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
Sent: 11 December 2000 12:50
To: jBoss
Subject: Re[2]: [jBoss-User] Security
Hi Edward,
Kenworthy, Edward wrote:
> Ok I now have it all working! I've re-written the ServerLoginModule so
> that it reads usernames and passwords from one properties file and
> usernames and roles from another. Which is exactly what I need for client
> and bean development, as I won't have to modify them when I re-implement my
> ServerLoginModule to use the "real" security mechanism. (I still use
> setPublicCredential() to tie roles to Subjects but I think a role should
> really be a Principal - but I'll hold off on that as that would require a
> change to JaasSecurityManager.)
Do you mean that SimplePrincipal should be replaced by some
JaasPrincipal, which would contain the set of roles?
I have no objections, but I'd like to know your reasoning.
> Would anyone be interested in my writing up what I did, including every
> useful tid-bit people have posted here plus what I learned doing it ?
Sure, any kind of docs of JAAS security in jBoss is appreciated.
Not sure who specifically will process it into the official docs, though.
Also, if you feel that your implementation of ServerLoginModule may be
useful for other people, you may wish to contribute it ;-)
Best regards,
Oleg
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
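As an added illustration (not code from this thread, nor from jBoss), the two object structures Edward draws above written out as plain JAAS calls, with the role check implemented both ways. UserPrincipal and RolePrincipal are hypothetical class names standing in for jBoss's SimplePrincipal and the JaasPrincipal Oleg mentions; the user name, password and role names are the ones from the thread, and modern Java syntax is assumed.

```java
import java.security.Principal;
import java.util.Objects;
import javax.security.auth.Subject;

/** Hypothetical user principal, standing in for jBoss's SimplePrincipal. */
final class UserPrincipal implements Principal {
    private final String name;
    UserPrincipal(String name) { this.name = Objects.requireNonNull(name); }
    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof UserPrincipal && ((UserPrincipal) o).name.equals(name);
    }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return "User(" + name + ")"; }
}

/** Hypothetical role principal: Edward's "a role should really be a Principal" model. */
final class RolePrincipal implements Principal {
    private final String name;
    RolePrincipal(String name) { this.name = Objects.requireNonNull(name); }
    @Override public String getName() { return name; }
    @Override public boolean equals(Object o) {
        return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
    }
    @Override public int hashCode() { return name.hashCode(); }
    @Override public String toString() { return "Role(" + name + ")"; }
}

public final class SubjectModels {

    /** Current layout: user as Principal, roles as String public credentials on the Subject. */
    static Subject rolesAsPublicCredentials() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("Edward"));
        // The password stays a private credential; a char[] can be wiped after use.
        subject.getPrivateCredentials().add("EKPassword".toCharArray());
        subject.getPublicCredentials().add("FinancialAdvisor");
        subject.getPublicCredentials().add("SalesManager");
        return subject;
    }

    /** Edward's proposal: roles are Principals, typed apart from the user Principal. */
    static Subject rolesAsPrincipals() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("Edward"));
        subject.getPrivateCredentials().add("EKPassword".toCharArray());
        subject.getPrincipals().add(new RolePrincipal("FinancialAdvisor"));
        subject.getPrincipals().add(new RolePrincipal("SalesManager"));
        return subject;
    }

    /** Role check for the credential model: any String public credential counts as a role. */
    static boolean hasRoleViaCredentials(Subject subject, String role) {
        return subject.getPublicCredentials(String.class).contains(role);
    }

    /** Role check for the principal model: only RolePrincipal entries are consulted. */
    static boolean hasRoleViaPrincipals(Subject subject, String role) {
        for (RolePrincipal p : subject.getPrincipals(RolePrincipal.class)) {
            if (p.getName().equals(role)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Subject byCredential = rolesAsPublicCredentials();
        Subject byPrincipal = rolesAsPrincipals();

        System.out.println("credential model, SalesManager: "
                + hasRoleViaCredentials(byCredential, "SalesManager"));
        System.out.println("principal model, SalesManager:  "
                + hasRoleViaPrincipals(byPrincipal, "SalesManager"));

        // Weakness of the credential model: an unrelated String credential (here a
        // constructed certificate subject DN) is indistinguishable from a role name,
        // whereas the typed RolePrincipal check ignores it.
        String dn = "CN=Edward Kenworthy";
        byCredential.getPublicCredentials().add(dn);
        byPrincipal.getPublicCredentials().add(dn);
        System.out.println("credential model reports DN as role: "
                + hasRoleViaCredentials(byCredential, dn));
        System.out.println("principal model reports DN as role:  "
                + hasRoleViaPrincipals(byPrincipal, dn));

        // Once the LoginModule has committed, freeze the Subject so no later code
        // can add principals or roles to it; the add() call then throws.
        byPrincipal.setReadOnly();
        try {
            byPrincipal.getPrincipals().add(new RolePrincipal("Administrator"));
        } catch (IllegalStateException rejected) {
            System.out.println("read-only Subject rejected new role: " + rejected.getMessage());
        }
    }
}
```

Compile and run with `javac SubjectModels.java && java SubjectModels`. The point of the side-by-side check is that a role test written against public credentials has to trust that every String in the set is a role, while a typed Principal class makes the role set explicit and lets the same Subject carry other public credentials (certificates, DNs, tokens) without them being mistaken for roles; Subject.setReadOnly() after commit is the standard JAAS way to stop the principal and credential sets from being altered afterwards.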