Hi Scott,
Scott M Stark wrote:
> The current cvs code should be working as Oleg suggests as there
> is no attempt to wrap the Principal obtained from the Subject that
> was created by a LoginModule. I don't know that this behavior will
> exist in the future for a couple of reasons:
> 1. This seems like a security hole since I can write a LoginModule that creates
> mutable Principals that would allow someone down the line to change the
> Principal identity.
Disagree. You can't do this being an ordinary user or being a Bean
Provider.
Principals can be replaced by *server* login module only, which is
set in jboss/conf/default/auth.conf, not in jboss.xml,
i.e. by Deployer.
Principal mapping should be performed by Deployer by specification:
-------- begin ------------
15.4.1 Security domain and principal realm assignment
The Deployer is responsible for assigning the security domain and
principal realm to an enterprise bean application.
Multiple principal realms within the same security domain may exist,
for example, to separate the realms of employees, trading partners,
and customers. Multiple security domains may exist, for example,
in application hosting scenarios.
-------- end ------------
Of course, using information about the custom Principal implementation
in the Bean code is not portable, it is a kind of trick.
Well, if there was getCallerSubject() method, the trick wouldn't be
needed.
Scott, I guess the approach that you propose is more portable and
ideologically correct, but don't kill the current way, please.
There is no security hole here, so let people use JBoss in a
non-portable way if they want. I want.
Regards,
Oleg
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
