[ http://issues.apache.org/jira/browse/GERONIMO-409?page=all ]

David Blevins updated GERONIMO-409:
-----------------------------------

    Fix Version: 1.0
                     (was: 1.0-M5)

> SQLSecurityRealm/SQLLoginModule needs overhaul
> ----------------------------------------------
>
>          Key: GERONIMO-409
>          URL: http://issues.apache.org/jira/browse/GERONIMO-409
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M2
>     Reporter: Aaron Mulder
>     Priority: Critical
>      Fix For: 1.0
>
> The SQLSecurityRealm and SQLLoginModule do not scale.  In particular, they 
> load all users and all groups in the security realm once when the realm is 
> started, and again for every login request.  Imagine a database of thousands 
> of users/groups.
> There should instead be required SQL queries to load a single password given 
> a username, and to load a list of groups for a single user given a username.  
> Then there can be optional SQL queries to load a list of all users or to load 
> a list of all groups, though we still shouldn't care who the group members 
> are.
> Also, it appears that the digesting features provided by 
> SQLSecurityRealmPasswordDigested are never invoked, so that class has no 
> effect.  It seems like the best way to implement digesting would be to make 
> the basic SQLLoginModule take a digest algorithm argument.  If present, the 
> SQLLoginModule could instantiate and use a digester on the incoming password 
> (and if not, not).  Then we don't need any extra class for it, and you could 
> enable digesting simply by adding a login module configuration option.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
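
The design proposed in the issue description (one query for a single user's password, one for that user's groups, and an optional digest algorithm setting), as an added example that is not Geronimo's code or part of the original message. It is a Python sketch over an in-memory SQLite database; the table names, column names, query strings and the `SqlLogin` class are assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

# Assumed schema and queries (constructed for this example).
USER_SELECT = "SELECT password FROM users WHERE username = ?"
GROUP_SELECT = "SELECT groupname FROM user_groups WHERE username = ?"


class SqlLogin:
    """Per-request lookups: one password row and one user's groups, never the whole realm."""

    def __init__(self, conn, digest_algorithm=None):
        self.conn = conn
        self.digest_algorithm = digest_algorithm  # e.g. "sha256"; None = compare as stored
        if digest_algorithm is not None:
            hashlib.new(digest_algorithm)  # unknown name raises ValueError at configuration time

    def _encode(self, password):
        # Digest the incoming password only when the option is set.
        if self.digest_algorithm is None:
            return password
        return hashlib.new(self.digest_algorithm, password.encode("utf-8")).hexdigest()

    def login(self, username, password):
        """Return the user's sorted group list on success, None on failure."""
        row = self.conn.execute(USER_SELECT, (username,)).fetchone()
        stored = row[0] if row and row[0] is not None else None
        presented = self._encode(password)
        # Constant-time comparison; it also runs when the user is unknown.
        ok = hmac.compare_digest(presented.encode("utf-8"), (stored or "").encode("utf-8"))
        if stored is None or not ok:
            return None
        return sorted(g for (g,) in self.conn.execute(GROUP_SELECT, (username,)))


def build_sample_db():
    """Constructed sample data: alice's password is stored as a SHA-256 hex digest."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("CREATE TABLE user_groups (username TEXT, groupname TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"s3cret").hexdigest()))
    conn.executemany("INSERT INTO user_groups VALUES (?, ?)",
                     [("alice", "admin"), ("alice", "users"), ("bob", "users")])
    return conn
```

The digest here is unsalted, as in the issue's proposal, so it keeps cleartext out of the table but identical passwords still produce identical stored values.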