Edward,

You propose a redesign of the JAAS stuff;
I think this thread should be moved to jboss-dev.

Oleg

On Thursday 14 December 2000 12:55, Kenworthy, Edward wrote:
> Hi Oleg
>
> -----Original Message-----
> From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
> Sent: 14 December 2000 09:50
> To: jBoss
> Subject: Re: [jBoss-User] Security Walkthrough/How To/Tutorial, first cut
>
> >Hi Edward,
> >
> >Okay, I'll try to express the idea of time-limited cache of Subjects in other
> >words, maybe then this would sound better.
> >Let's say that jBoss authentication has an expiration time,
> >when it expires the Subject is forced to log out.
>
> That's precisely the issue! You can't "log-out" a Subject - you can only
> Log-Out the Principal(s).
>
> >On Wednesday 13 December 2000 10:49, Kenworthy, Edward wrote:
> >> Hi Oleg
> >>
> >> Hmm thinking about this more I am not sure that this would work.
> >> Credentials are attached to Subject. And instances of Subject can be shared
> >> across many applications (JAAS spec).
> >
> >Hey, JBoss is an APPLICATION SERVER, so I guess it should have more
> >permissions than all other applications ;-)
>
> Indeed, however perhaps I should have said services. A single instance of
> Subject can be shared across jBoss, an Oracle server, an MQ server etc etc.
> jBoss can't assume it owns the Subject, in fact what it knows is that it
> doesn't own the Subject.
>
> >Regards,
> > Oleg
>
> Edward
>
>
> --
> --------------------------------------------------------------
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Problems?:           [EMAIL PROTECTED]

