Tom,
Thanks for putting this together...
See comments below:
--- "Pesendorfer, Tom" <[EMAIL PROTECTED]>
wrote:
> From: Pesendorfer, Tom
> Sent: Thursday, 10 February 2005 7:18 AM
> To: 'Jetspeed Users List'
> Subject: Diagrams for login, authentication, LDAP
> handlers
>
>
> Attached are 3 sequence diagrams (in 3 posts due to
> mail size limit) from
> what I could follow in the code in an effort to
> understand what is
> happening. The first one covers the login, the
> second one the portlet
> security, and the third one the new LDAP handlers
> (by Mike Long).
>
> Any clarifications, corrections, or additional
> details are very welcome!
>
> The first question I have is: It seems the user is
> retrieved twice - once
> (typically) inside the LoginModule (see first
> diagram), and then later on
> when the SecurityValveImpl doesn't find a Subject in
> the session (if it's
> the first time). Why is the Principal &
> Subject/credential not re-used from
> when it was available in the LoginModule? (if I
> were to do that, would it
> remove the need for the UserSecurityHandler?)
The UserSecurityHandler is used by the UserManager for
managing users also.
> Also, regarding the first diagram, how does the
> user/password end up with
> the LoginModule - I assume this is done by JBoss'
> JAAS implementation,
> correct?
>
> Thanks & regards,
> Tom
>
>
>
> >
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
