Just an FYI: In JBoss, JAAS doesn't really work as expected. If you log in under a context, say

mywar
 |
 -protected
 -unprotected

then getPrincipal() returns null for the "unprotected" subcontext (directory), but returns the principal under the secured subcontext. We don't want that to happen to us, do we :))

Filip

> -----Original Message-----
> From: Costin Manolache [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 11, 2003 5:31 PM
> To: [EMAIL PROTECTED]
> Subject: JAAS Auth
>
> Hi,
>
> I'm close to getting JAAS realm and the memory LoginModule working - if I
> remember correctly we agreed to make JAAS the default for 5.0 ( I don't
> remember any objections ).
>
> I never tried it in 4.x - but from the code and code I strongly doubt it
> works.
>
> There is one change I would like to make.
>
> As you know, JAAS login modules return a Subject and a set of Principals.
> There is no clear way to decide which Principals are Roles - so we
> currently require the user to configure the realm with the list of classes
> that are role principals.
>
> In addition to that, I would like to support a different pattern - used
> in JBoss - which seems much cleaner and logical.
>
> If a Principal of type "java.security.acl.Group" is found - named "Roles" -
> we'll treat all the Principals in that Group as roles. ( the old mechanism
> should still be supported, of course )
>
> The other problem: I think we should move the catalina-independent JAAS
> code in a separate module, for example j-t-c/jaas. That would include
> SimplePrincipal, MemoryLoginModule - and eventually JNDI/JDBC/etc
> LoginModules if anyone has the time to make the conversion. It's not a big
> priority, but it'll clean up the code deps and maybe the code could be
> reused.
>
> Opinions ? Votes ?
>
> Costin
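
The two role-mapping rules described in the quoted mail (a configured list of role principal classes, and a java.security.acl.Group named "Roles"), as an added example that is not code from Tomcat or JBoss. The class names Named, Role and RolesGroup and the roles() helper are hypothetical, the Subject is a constructed sample, and the code assumes a JDK that still ships java.security.acl (the package was removed in JDK 14).

```java
import java.security.Principal;
import java.security.acl.Group; // interface named in the mail; removed in JDK 14
import java.util.*;
import javax.security.auth.Subject;

public class RolesFromSubject {
    // Hypothetical principal types for the demo (not Tomcat's SimplePrincipal).
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class Role extends Named { Role(String n) { super(n); } }

    // Hypothetical Group implementation, standing in for what a LoginModule would supply.
    static class RolesGroup extends Named implements Group {
        private final Set<Principal> members = new LinkedHashSet<>();
        RolesGroup(String name) { super(name); }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() { return Collections.enumeration(members); }
    }

    // Collect role names: members of a Group named "Roles", plus principals whose
    // class is in the configured role-class list (the older mechanism).
    static Set<String> roles(Subject subject, Set<String> roleClassNames) {
        Set<String> roles = new TreeSet<>();
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof Group && "Roles".equals(p.getName())) {
                for (Principal m : Collections.list(((Group) p).members())) {
                    roles.add(m.getName());
                }
            } else if (roleClassNames.contains(p.getClass().getName())) {
                roles.add(p.getName());
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        Subject subject = new Subject(); // constructed sample, as a LoginModule would populate it
        subject.getPrincipals().add(new Named("alice"));   // user identity, not a role
        subject.getPrincipals().add(new Role("manager"));  // role by configured class
        RolesGroup group = new RolesGroup("Roles");
        group.addMember(new Named("admin"));               // role by Group membership
        subject.getPrincipals().add(group);
        System.out.println(roles(subject, Collections.singleton(Role.class.getName())));
    }
}
```

Only a Group whose name is exactly "Roles" contributes members; the user principal "alice" and any other Group are not treated as roles unless their class is in the configured list.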