[jira] Created: (GERONIMO-424) ConfigurationEntry support for multiple LoginModules

2 Nov 2004 23:44:44 -0000 

ConfigurationEntry support for multiple LoginModules
----------------------------------------------------

         Key: GERONIMO-424
         URL: http://nagoya.apache.org/jira/browse/GERONIMO-424
     Project: Apache Geronimo
        Type: Improvement
  Components: security  
    Versions: 1.0-M2    
    Reporter: Aaron Mulder


The abstract class ConfigurationEntry has support for returning multiple 
LoginModules (or more accurately, an array of AppConfigurationEntry's).  
However, none of the concrete implementations allow this.

It's a required feature in order for the CallerIdentityUserPasswordRealmBridge 
to work, because that needs the password to be put in the private credential 
set.  Currently we have one set of login modules that actually authenticate 
you, and a different LoginModule that populates the private credential set.  In 
order to be both behaviors, you need to load both LoginModules, but currently 
the available ConfigurationEntries can't be configured for that.

A problem is that the ConfigurationEntry gets its data from a SecurityRealm, 
and the SecurityRealm can only return a single AppConfigurationEntry (or 
LoginModule).  It doesn't make sense to me to make the new "multiple 
configuration entry" take multiple security realms as its input.  In concept, 
you want one security realm with two login modules.

So I think the change has to start by allowing a SecurityRealm to return 
multiple AppConfgurationEntry values.

Then we need the configuration syntax for the standard security realm GBeans to 
change so that they can take multiple login modules, including the options and 
control flags for each.  Like, you might want to use a vanilla 
SQLSecurityRealm, but have it add a GeroinmoPasswordCredentialLoginModule (or a 
hypothetical AuditTrailLoginModule) in addition to its standard LoginModule.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira

Reply via email to