It's true that JAAS has nothing to do with setting identity, but there is nothing in J2EE that does. The only thing that is even mentioned as an authentication mechanism in J2EE is JAAS, so that is what jboss uses. The Subject that results is irrelevant in terms of an identity proxy. Doing a JAAS login that produces a Subject, even if actual authentication is involved, is essentially the same as:

    Subject s = new Subject();
    s.getPrincipals().add(new SomePrincipal());

The login modules may add extra stuff, but the end product may have nothing, as there is no contract for what a Subject contains. In the absence of a SecurityManager, anyone can create a Subject with whatever they want in it as well, so why am I going to trust it?

The only thing we could change is to have the ClientLoginModule put the credentials into the Subject under some jboss-specific type and add a wrapper around the SecurityAssociation that took the Subject and reproduced the current behavior of the ClientLoginModule. The JndiLoginInitialContextFactory I referenced is already one such wrapper. It just happens to take the Principal and credentials passed to the InitialContext environment.

There already is an org.jboss.security.AltClientLoginModule that takes the SecurityAssociation principal from the Subject, and it could be updated to store the credentials in the Subject for use by JndiLoginInitialContextFactory or some other run as wrappers. Indirection solves everything.
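
The point about Subject carrying no contract can be seen with the plain JDK JAAS classes. This is an added example, not part of the original post or of JBoss: SubjectTrustDemo, DemoLoginModule, the record form of SomePrincipal and the "admin" name are constructed for illustration, and Java 16 or later is assumed for the record syntax.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.spi.LoginModule;

public class SubjectTrustDemo {
    // Hypothetical principal type; a record gives value-based equals/hashCode.
    record SomePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Constructed login module: login() stands in for a real credential check.
    public static class DemoLoginModule implements LoginModule {
        private Subject subject;
        public void initialize(Subject s, CallbackHandler h,
                               Map<String, ?> shared, Map<String, ?> opts) { subject = s; }
        public boolean login() { return true; }
        public boolean commit() { return subject.getPrincipals().add(new SomePrincipal("admin")); }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    // Subject produced by a full JAAS login through an in-memory Configuration.
    static Subject viaJaas() throws Exception {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
                    Map.<String, Object>of()) };
            }
        };
        LoginContext lc = new LoginContext("demo", null, null, cfg);
        lc.login();
        return lc.getSubject();
    }

    // Subject assembled by hand, with no login at all (the snippet from the post).
    static Subject handBuilt() {
        Subject s = new Subject();
        s.getPrincipals().add(new SomePrincipal("admin"));
        return s;
    }

    public static void main(String[] args) throws Exception {
        // Subject.equals compares only the principal and credential sets.
        System.out.println("indistinguishable: " + viaJaas().equals(handBuilt()));
    }
}
```

Because the two objects compare equal, code that receives a Subject from a caller has nothing in the object itself to tell an authenticated login from a hand-assembled one; the receiving side has to validate credentials itself.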
